Fix selinux check for ReloadUnit

[evverx]

Fixes:

-bash-4.3# echo 1 >/sys/fs/selinux/enforce
-bash-4.3# runcon -t systemd_test_start_t systemctl start hola

-bash-4.3# sesearch --allow -s systemd_test_reload_t -c service
Found 1 semantic av rules:
   allow systemd_test_reload_t systemd_unit_file_t : service reload ;

-bash-4.3# runcon -t systemd_test_reload_t systemctl reload hola
Failed to reload hola.service: Access denied
See system logs and 'systemctl status hola.service' for details.

-bash-4.3# journalctl -b | grep -i user_avc | grep reload
USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0
msg='
avc:  denied  { start } for auid=0 uid=0 gid=0 path="/etc/systemd/system/hola.service" cmdline="systemctl reload hola"
scontext=unconfined_u:unconfined_r:systemd_test_reload_t:s0-s0:c0.c1023
tcontext=system_u:object_r:systemd_unit_file_t:s0
tclass=service

See
https://fedoraproject.org/wiki/Features/SELinuxSystemdAccessControl#Documentation
ReloadUnit maps to reload (not start)

[evverx]

You can create systemd_test_reload_t for testing:

$ cd test/TEST-06-SELINUX

$ sudo make -f /usr/share/selinux/devel/Makefile load

$ sudo semanage module -l | grep systemd_test
systemd_test              400       pp

$ sesearch --allow -s 'systemd_test_*' -c service -R
Found 4 semantic av rules:
   allow systemd_test_status_t systemd_unit_file_t : service status ;
   allow systemd_test_start_t systemd_unit_file_t : service start ;
   allow systemd_test_stop_t systemd_unit_file_t : service stop ;
   allow systemd_test_reload_t systemd_unit_file_t : service reload ;

[poettering]

OK, only found a nitpick... Looks excellent will merge. The switch() suggestions doesn't really matter I figure...