core/selinux-setup: actually skip setup gracefully when libselinux is not available (#39859)

Follow-up for 83b6ef9b62765b11bc602eae906ff13a5464a638

docs/CODING_STYLE.md

@@ -67,6 +67,18 @@ SPDX-License-Identifier: LGPL-2.1-or-later
   const char *foo(const char *input);
   ```
 
+- Casts should be written like this:
+
+  ```c
+  (const char*) s;
+  ```
+
+  instead of this:
+
+  ```c
+  (const char *)s;
+  ```
+
 - Single-line `if` blocks should not be enclosed in `{}`. Write this:
 
   ```c

src/core/exec-invoke.c

@@ -5732,7 +5732,7 @@ int exec_invoke(
 
         /* We need setresuid() if the caller asked us to apply sandboxing and the command isn't explicitly
          * excepted from either whole sandboxing or just setresuid() itself. */
-        needs_setuid = (params->flags & EXEC_APPLY_SANDBOXING) && !(command->flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_NO_SETUID));
+        needs_setuid = needs_sandboxing && !FLAGS_SET(command->flags, EXEC_COMMAND_NO_SETUID);
 
         uint64_t capability_ambient_set = context->capability_ambient_set;
 

src/core/selinux-setup.c

@@ -19,8 +19,10 @@ int mac_selinux_setup(bool *loaded_policy) {
         int r;
 
         r = dlopen_libselinux();
-        if (r < 0)
-                return log_debug_errno(r, "No SELinux library available, skipping setup: %m");
+        if (r < 0) {
+                log_debug_errno(r, "No SELinux library available, skipping setup.");
+                return 0;
+        }
 
         mac_selinux_disable_logging();