I think that definition is a bit too broad and too narrow to be useful.
For too narrow: you might have a security focused OS that includes everything like a TCP/IP stack etc, but perhaps doesn't allow arbitrary binaries by construction. (Eg it might only allow binaries that come with a proof of innocence, or some other restriction that's harsh enough to lose the 'arbitrary' rating.)
Obviously, "capable of running arbitrary binaries, but with a check inside exec() to allow only specific binaries run" counts as "capable of running arbitrary binaries".
For too narrow: you might have a security focused OS that includes everything like a TCP/IP stack etc, but perhaps doesn't allow arbitrary binaries by construction. (Eg it might only allow binaries that come with a proof of innocence, or some other restriction that's harsh enough to lose the 'arbitrary' rating.)
For too broad: https://en.wikipedia.org/wiki/Weird_machine would make almost any software that was written sloppily enough into an OS.