92addd7 selinux_child: Allow to query sssd

1 file Authored by lslebodn 6 years ago, Committed by jhrozek 6 years ago,
    selinux_child: Allow to query sssd
    
    The function getpwnam_r is indirectly used in selinux_child
    in a few places (in libselinux and libsemanage).
    
    There is no reason why we should block nss calls with sssd.
    It is a child process and a loop cannot be created.
    (BTW it is also allowed in krb_child and proxy_child)
    
      #0  _nss_sss_getpwnam_r (name=0x55c0e6471a50 "user4_2", result=0x7ffe9ab0d05,
              buffer=0x55c0e64741a0 "\200é\256\177\177", buflen=1024,
              errnop=0x7f7fafbcdb08)
              at src/sss_client/nss_passwd.c:132
      #1  0x00007f7fae7ad48f in __getpwnam_r (name=name@entry=0x55c0e6471a50 "user4_2",
              resbuf=resbuf@entry=0x7ffe9ab0d050, buffer=buffer@entry=0x55c0e64741a0 "\200é\256\177\177",
              buflen=buflen@entry=1024, result=result@entry=0x7ffe9ab0d048)
              at ../nss/getXXbyYY_r.c:316
      #2  0x00007f7faeabc9e2 in get_default_gid (name=0x55c0e6471a50 "user4_2")
              at seusers.c:105
      #3  getseuserbyname (name=0x55c0e6471a50 "user4_2", r_seuser=0x7ffe9ab0d0f0,
              r_level=0x7ffe9ab0d0f8) at seusers.c:186
      #4  0x000055c0e5126d02 in seuser_needs_update (ibuf=0x55c0e64718e0)
              at src/providers/ipa/selinux_child.c:175
      #5  main (argc=<optimized out>, argv=<optimized out>)
              at src/providers/ipa/selinux_child.c:332
    
      #0  _nss_sss_getpwnam_r (name=0x55c0e647dda0 "user3_1", result=0x7ffe9ab0cce0,
              buffer=0x55c0e6482180 "\240AG\346\300U", buflen=1024,
              errnop=0x7f7fafbcdb08) at src/sss_client/nss_passwd.c:132
      #1  0x00007f7fae7ad48f in __getpwnam_r (name=name@entry=0x55c0e647dda0 "user3_1",
              resbuf=resbuf@entry=0x7ffe9ab0cce0, buffer=buffer@entry=0x55c0e6482180 "\240AG\346\300U",
              buflen=buflen@entry=1024, result=result@entry=0x7ffe9ab0ccd8)
              at ../nss/getXXbyYY_r.c:316
      #2  0x00007f7faece29b3 in add_user (head=head@entry=0x7ffe9ab0ce28,
              user=user@entry=0x55c0e64b5930, name=name@entry=0x55c0e647dda0 "user3_1",
              sename=sename@entry=0x55c0e647bdc0 "staff_u",
              selogin=selogin@entry=0x55c0e647dda0 "user3_1",
              s=<optimized out>) at genhomedircon.c:999
      #3  0x00007f7faece334c in get_users (errors=<synthetic pointer>,
              s=0x7ffe9ab0ce70) at genhomedircon.c:1167
      #4  write_gen_home_dir_context (homedir_context_tpl=0x55c0e647d3d0,
              user_context_tpl=0x55c0e647a870, username_context_tpl=0x0,
              out=0x55c0e646fa80, s=0x7ffe9ab0ce70) at genhomedircon.c:1205
      #5  write_context_file (out=<optimized out>, s=0x7ffe9ab0ce70)
              at genhomedircon.c:1317
      #6  semanage_genhomedircon (sh=sh@entry=0x55c0e6476380, policydb=<optimized out>,
              usepasswd=<optimized out>, ignoredirs=<optimized out>)
              at genhomedircon.c:1382
      #7  0x00007f7faecdfb95 in semanage_direct_commit (sh=0x55c0e6476380)
              at direct_api.c:1575
      #8  0x00007f7faece4d6d in semanage_commit (sh=0x55c0e6476380) at handle.c:426
      #9  0x000055c0e5127cf8 in sss_set_seuser (login_name=0x55c0e6471a5 "user4_2",
              seuser_name=0x55c0e6471960 "staff_u", mls=<optimized out>)
              at src/util/sss_semanage.c:335
      #10 0x000055c0e5126eea in sc_set_seuser (mls=0x55c0e64719d0 "s0-s0:c0.c1023",
              seuser_name=0x55c0e6471960 "staff_u",
              login_name=0x55c0e6471a50 "user4_2")
              at src/providers/ipa/selinux_child.c:162
      #11 main (argc=<optimized out>, argv=<optimized out>)
              at src/providers/ipa/selinux_child.c:334
    
    Merges: https://pagure.io/SSSD/sssd/pull-request/3732
    
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>