User namepsaces with multi tenant containers with different privilege levels

hi, we are trying to run multiple containers on an EC2. Our ECS agent runs in a container with elevated privilege. We need all other containers to run with lower privilege. All containers except the ECS agent should have their namespace mapped. Do we need to use SELINUX MLS to type label containers? Has anyone implemneted it?