Selinux disallows read-only loop mount of a file, but only at boot [SOLVED]

[Alan Cox]

> But it really isn't the magic bullet y'all like to spout it is e.g it
> doesn't do kernel exploits, buffer overflows or prevent the last
> redhat/fedora intrusion

It helps a lot in some of those cases. I run several web servers and
because the scripts are all labelled properly SELinux has repeatedly
saved the day from the usual hole infested cgi people insist on writing.

Alan