IncludeOS: a unikernel for C++ applications

The biggest advantage I see is the reduced attack surface. You can turn off services, you can block them from not connecting to the outside world - but if they're never compiled into existence in the first place, they *cannot* be turned back on, or unblocked. And if it were running on bare metal instead of in a VM, your responsiveness would likely be a lot more predictable.