Your app needs to support MCS ranges, because the binary is the same for all the instances. This is how it is done for VM isolation with libvirt on RHEL systems, for example.
You can experiment by starting the different instances in different ranges using runcon(1)'s -l switch.
This way, you can use the same type enforcement for all the instances, while running every instance in a different category. That would isolate the instances from the rest of the system and from each other at the same time.
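One way to try the experiment described above, as an added example that is not part of the original answer: it derives a unique MCS range per instance and prints the matching `runcon -l` command as a dry run. The two-categories-per-instance scheme, the 1024-category limit, the binary path `/opt/myapp/bin/myapp` and its `--port` option are assumptions of this example, and the caller's own SELinux range is assumed to cover the chosen categories.

```shell
#!/bin/sh
# Added example: same SELinux type for every instance, one unique MCS
# category pair per instance. Assumed: categories c0..c1023 are available.
MCS_CATS=1024

# mcs_range INDEX -> prints "s0:cI,cJ" (I < J), a different pair for each INDEX.
# Neither of two different pairs contains the other, so no instance's
# range dominates another instance's range.
mcs_range() {
    k=$1
    case $k in
        ''|*[!0-9]*|0?*) echo "index must be a plain non-negative integer" >&2
                         return 2 ;;
    esac
    i=0
    while [ "$i" -lt $((MCS_CATS - 1)) ]; do
        row=$((MCS_CATS - 1 - i))      # number of pairs (i, j) with j > i
        if [ "$k" -lt "$row" ]; then
            echo "s0:c$i,c$((i + 1 + k))"
            return 0
        fi
        k=$((k - row))
        i=$((i + 1))
    done
    echo "index out of range: no unused category pair left" >&2
    return 1
}

# launch_cmd INDEX BINARY [ARGS...] -> prints the runcon command line that
# starts BINARY in the current context with only the range replaced.
launch_cmd() {
    idx=$1
    shift
    range=$(mcs_range "$idx") || return 1
    echo "runcon -l $range -- $*"
}

# Dry run: print the commands for three instances instead of executing them.
# /opt/myapp/bin/myapp and --port are hypothetical placeholders.
for n in 0 1 2; do
    launch_cmd "$n" /opt/myapp/bin/myapp --port "$((8000 + n))"
done
```

After starting an instance with one of the printed commands, `ps -eZ` shows the range each process ended up with.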