Kirill Ermakov recently posted a study he did of SELinux protections against a vulnerable Apache server. After reading the study you might come a way with the idea that SELinux did not block anything. After all it allowed the hacked process to read /etc/passwd. SELinux also allowed a hacked Apache to upload a file and execute it. This points out what most people do not understand about SELinux.