"On the other hand, if you have a multi-user system and really need to protect one local user from another, SELinux is the way to go."
Splitting up a physical machine with a single host OS into multiple virtual machines, even though this was designed for purposes other than MAC, seems to achieve many of the same objectives of MAC in practice. Why not give each user that needs protecting from other local users a virtual machine instead? I've been using a single VM to host multiple services, domains and websites on the same physical hosting hardware shared by many other VMs run by people I don't know for years without problems of the sort which can occur on shared login hosts. So long as the VM can't escape it's memory and disk allocation isn't this arrangement just as secure as MAC ? Is it any more likely that a bug will occur in the virtual machine monitor which violates security, than a bug will occur in a MAC system such as SELinux or AppArmour which violates security ?