Revert "selinux: split up mac_selinux_have() from mac_selinux_use()"

This reverts commit 6355e75610a8d47fc3ba5ab8bd442172a2cfe574.

The previously mentioned commit inadvertently broke a lot of SELinux related
functionality for both unprivileged users and systemd instances running as
MANAGER_USER.  In particular, setting the correct SELinux context after a User=
directive is used would fail to work since we attempt to set the security
context after changing UID.  Additionally, it causes activated socket units to
be mislabeled for systemd --user processes since setsockcreatecon() would never
be called.

Reverting this fixes the issues with labeling outlined above, and reinstates
SELinux access checks on unprivileged user services.

1 files changed, 1 insertions, 1 deletions

diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c
index c9bf3832c7..74b00ad47e 100644
--- a/src/journal/journald-native.c
+++ b/src/journal/journald-native.c
@@ -479,7 +479,7 @@ int server_open_native_socket(Server*s) {
                 return log_error_errno(errno, "SO_PASSCRED failed: %m");
 
 #ifdef HAVE_SELINUX
-        if (mac_selinux_have()) {
+        if (mac_selinux_use()) {
                 r = setsockopt(s->native_fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one));
                 if (r < 0)
                         log_warning_errno(errno, "SO_PASSSEC failed: %m");