Restricting Container Creation

Using the Community edition, am trying to a create a control mechanism that decides whether the container (that hosts my serviceABC) in concern can be started at all. Say based on rules like license restrictions or instance count etc.

Couple of approaches that came into mind :

  1. Watch the Docker event stream for all container all creation and if required forcibly shutdown the just started container based on some rule. Yes, quite dirty.

  2. Alternatively, create a new Docker authorization Plugin that is initiated using the docker daemon. This approach is pretty reasonable but question arises on what if the plugin was not loaded in the first place at all.

  3. Have a mechanism wherein my serviceABC in container queries an external service (say a REST service endpoint) as it is created. If the external service give a no-go, then my serviceABC terminates/exits itself.

Please provide thoughts on the above approaches. Further, any alternate cleaner approaches to consider please ?