So it seems they prefer to run groups of applications as services rather than totally isolating each program. This makes sense : docker bundles could be the next level of meta packages. You could say "I want to write some react-native code" and have the jvm, react-native and android sdk pulled at once and ready to use.

Regarding ipc, they take a good part of this page to describe their z/VM networking features, so I guess it's indeed something needing solving. The interesting part is that docker networking already allows tcp networking, and mounting volumes could help sharing sockets or regular files, kind of like the "single system image feature" they mention.