> Can we somehow combine the advantages of the docker ecosystem with VMs?
Shameless plug: this is exactly what our goal is with https://kwarantine.xyz. We are creating a new hypervisor (from scratch) that can run strongly isolated Docker/LXC containers.
Is this what gVisor is? https://github.com/google/gvisor