The root PDF example is facetious, a competent security module could
decline access to a file that could be re-written by a non-privileged
user. Also it could deny read access, to files currently held open for
Write by other users. Similarly, it could decline write access to files,
that have open file descriptors held by other users, similar to the
default file locking used by OS like VMS.
SunOS 4 had a union type file system, that was COW, it was used as basis
for a source code management system. That might also be an interesting
approach, at price of losing POSIX filesystem semantics.
Actually a COW filesystem, overlay for chroot-ed daemons, would allow
hard-linking of most of the files, so it wouldn't just be useful when some
kind of file scanning was intended.