
> assume that code execution on your Linux systems equates to privesc

Tell this to the container community. They would have you believe containers are as secure as VMs.

Given qemu's security track record, they're not necessarily wrong.


It's always a matter of increasing attacker cost. I am not sure that attacking QEMU, then finding a privilege escalation on the host that can break out of SELinux is much easier than just staying in the VM, hopping through the internal network until you find a host that lets you do what you want.

Chances are what you want is "simply" access to a shared folder rather than root.


That's a bit unfair since:

1. Most users won't be affected by all the exploits (you don't stuff all models of network cards, SCSI controllers, etc. into a VM)

2. Many deployments of QEMU (through Xen or libvirt) are protected by AppArmor/SELinux. This would at least forbid access to /proc/self/mem, but I can't say if this is enough to prevent evasion. IMO, this is likely to make the task quite a bit harder.


To be fair, Docker now defaults to using AppArmor and seccomp too. And the defaults seem to be not completely toothless either (I had to "disable" seccomp multiple times to get things running. For example, you can't just ptrace() in a container.)
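The seccomp behaviour mentioned above is decided by the container's seccomp profile. The auditor below is an added example, not code from this thread or from Docker: it loads a profile in the same JSON shape Docker's default profile uses (a `defaultAction` plus `syscalls` rules with `names`, `action` and optional `includes`/`excludes` capability gates) and reports whether process-introspection syscalls such as ptrace would be allowed. The embedded profile is a constructed, trimmed stand-in, not Docker's real default.

```python
"""Audit a Docker-style seccomp profile: which introspection syscalls does it allow?"""
import json

# Constructed, heavily trimmed profile in the shape of Docker's default
# (defaultAction + rules of {names, action, includes/excludes}); deny-by-default
# with EPERM, ptrace allowed only when the container holds CAP_SYS_PTRACE.
DEFAULT_PROFILE_JSON = json.dumps({
    "defaultAction": "SCMP_ACT_ERRNO",
    "syscalls": [
        {"names": ["read", "write", "openat", "close", "execve", "exit_group"],
         "action": "SCMP_ACT_ALLOW"},
        {"names": ["ptrace", "process_vm_readv", "process_vm_writev", "kcmp"],
         "action": "SCMP_ACT_ALLOW",
         "includes": {"caps": ["CAP_SYS_PTRACE"]}},
    ],
})

# Syscalls that let one process inspect or rewrite another; a custom profile
# that re-enables them without a matching capability is worth flagging.
INTROSPECTION_SYSCALLS = ("ptrace", "process_vm_readv", "process_vm_writev", "kcmp")


def syscall_action(profile, name, caps=()):
    """Return the action the profile applies to syscall `name` for a container
    holding the capabilities in `caps`. A rule with includes.caps applies only
    when the container has one of those caps; excludes.caps is the inverse.
    The first matching rule wins; otherwise defaultAction applies."""
    caps = set(caps)
    for rule in profile.get("syscalls", []):
        if name not in rule.get("names", []):
            continue
        inc = rule.get("includes", {}).get("caps")
        if inc and not caps & set(inc):
            continue
        exc = rule.get("excludes", {}).get("caps")
        if exc and caps & set(exc):
            continue
        return rule["action"]
    return profile.get("defaultAction", "SCMP_ACT_ERRNO")


def audit(profile_json, caps=()):
    """Map each introspection syscall to True if the profile lets it through."""
    profile = json.loads(profile_json)
    return {s: syscall_action(profile, s, caps) == "SCMP_ACT_ALLOW"
            for s in INTROSPECTION_SYSCALLS}


if __name__ == "__main__":
    print("default caps:   ", audit(DEFAULT_PROFILE_JSON))
    print("CAP_SYS_PTRACE: ", audit(DEFAULT_PROFILE_JSON, caps=["CAP_SYS_PTRACE"]))
```

Point it at a real exported profile (`docker run --security-opt seccomp=profile.json`) to see what a customised profile re-enables compared with the deny-by-default baseline.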


Even if they break out of qemu, the best case is they've reached the level of the container or user running it.


Which is mostly root. Rootless containers are still not widely deployed.


Citation needed.

That's certainly a goal, but I've never heard the claim.


> will emerge > thin walls

This article is very hopeful and positively worded, but at its core it acknowledges that security parity is still a work in progress.
