Layers of containers won't give you much. The main issue is the shared kernel: any bug there, any shared resource from there, and all containers have the same risk, no matter how many levels of nesting you have.
Layers of VMs, LXC containers, ZeroVMs, etc. will probably make the attacks harder, but management and speed will also suffer, and the security/usability trade-off will probably not be adequate (given how fast VMs start anyway, if you want more isolation, you could just use a VM then).
ZeroVM is nice, but it requires porting and, of course, is not a silver bullet either.