Description of problem:
The kernel containers functionality can provide strong isolation of QEMU vms, in parallel with SELinux/DAC security drivers.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
*** Bug 1125117 has been marked as a duplicate of this bug. ***
Closing old bug that is too vague. We already use mount namespaces to isolate /dev. Other targetted use of namespaces may be added in future.