In theory SELinux can protect you, but you really have to trust both it's implementation and it's configuration. This requires placing a large amount of trust the the System Administrator team that you are trying to be protected from.
To some extent you either trust your system administrators or you don't.
If you don't how can you trust that they properly configured SELinux?
If you do, do you really need SELinux to be configured?
things do get a bit messier when you talk about multiple guests on one box and you want to make sure that you don't get attacked from the other guests, but there you can go a long way by simply having each guest run as a different user that has no permissions to anything else on the system (which does take careful auditing of the system, modern linux systems are not put together with multi-user security in mind)
but in my opinion, right now the real answer is that you really don't want to use virtualization as a security critical barrier between hostile parties and their targets.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds