Sure, and SELinux itself can be poorly configured. Security measures in general need to be thought through in the context of the actual deployment. I just meant that mandatory access control of the general sort needed here has obviously been historically on the NSA's radar (moreso than the rest of the world, even) and here they are failing at it, and that's a little bit sad and a little bit funny in addition to everything else that's going on.
