I think the parent's point is that running a unikernel on paravirtualized hardware is actually neither: the entire VM runs in userspace as seen from the host, but you still have the data copy from the host's physical network interface to the paravirtual interface on the VM.
But you're paying for the virtualization boundary, which is usually more expensive than a syscall boundary. You're still a VM guest running under the host kernel, which is a comparable situation to a userspace process.
1. Move the network stack to userspace. Then the code running in userland can get at the request without a copy.
2. Move the running code into the kernel. Then the code running in the kernel can get at the request without a copy.
Unikernals are a way to do 2. People just really don't want to pay for that syscall boundary.