BUILD: Allow to read private pipes for root
Root can read anything from any directory even with permissions 000.
However SELinux checks discretionary access control (DAC)
and deny access if access is not allowed for root by DAC.
The pam_sss use different unix socket /var/lib/sss/pipes/private/pam
for user with uid 0. Therefore root need to be able read content
of directory with private pipes.
type=AVC msg=audit(08/19/2016 10:58:34.081:3369) : avc: denied
{ dac_read_search } for pid=20257 comm=vsftpd capability=dac_read_search
scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023
tcontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tclass=capability
type=AVC msg=audit(08/19/2016 10:58:34.081:3369) : avc: denied
{ dac_override } for pid=20257 comm=vsftpd capability=dac_override
scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023
tcontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tclass=capability
Resolves:
https://fedorahosted.org/sssd/ticket/3143
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>