PwC: Could you extend a governance model along these same lines?
BG: Absolutely. [...]
Now it's going to be up to the operating system providers to close the gap to the hardware so that (a) the OS is protected and that protection extends to the container agent (docker).
I asked Alex Polvi, CTO at CoreOS, a similar question and he answered:
AP: We are working on a full trusted computing environment using CoreOS
We are living in exciting times!