From 6355e75610a8d47fc3ba5ab8bd442172a2cfe574 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 27 Nov 2015 20:22:56 +0100
Subject: selinux: split up mac_selinux_have() from mac_selinux_use()

Let's distuingish the cases where our code takes an active role in
selinux management, or just passively reports whatever selinux
properties are set.

mac_selinux_have() now checks whether selinux is around for the passive
stuff, and mac_selinux_use() for the active stuff. The latter checks the
former, plus also checks UID == 0, under the assumption that only when
we run priviliged selinux management really makes sense.

Fixes: #1941
---
 src/test/test-condition.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/test')

diff --git a/src/test/test-condition.c b/src/test/test-condition.c
index f224c6cdd8..8903d10db7 100644
--- a/src/test/test-condition.c
+++ b/src/test/test-condition.c
@@ -203,7 +203,7 @@ static void test_condition_test_security(void) {
         condition_free(condition);
 
         condition = condition_new(CONDITION_SECURITY, "selinux", false, true);
-        assert_se(condition_test(condition) != mac_selinux_use());
+        assert_se(condition_test(condition) != mac_selinux_have());
         condition_free(condition);
 
         condition = condition_new(CONDITION_SECURITY, "ima", false, false);
-- 
cgit v1.2.3-54-g00ecf