
I'm getting SELinux denials indicating that /usr/sbin/aide is trying to access a socket used by SSSD: the socket path is /var/lib/sss/pipes/nss. Here is the relevant text from sealert:

Additional Information:
Source Context                system_u:system_r:aide_t:s0-s0:c0.c1023
Target Context                system_u:object_r:sssd_var_lib_t:s0
Target Objects                (null) [ sock_file ]
Source                        aide
Source Path                   /usr/sbin/aide

Raw Audit Messages
type=AVC msg=audit(1560503762.699:28324): avc:  denied  { write } for  
pid=37019 comm="aide" name="nss" dev=dm-3 ino=262366 
scontext=system_u:system_r:aide_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=sock_file


type=AVC msg=audit(1560503762.699:28324): avc:  denied  { connectto } for  
pid=37019 comm="aide" path="/var/lib/sss/pipes/nss" 
scontext=system_u:system_r:aide_t:s0-s0:c0.c1023 
tcontext=system_u:system_r:sssd_t:s0 tclass=unix_stream_socket


type=SYSCALL msg=audit(1560503762.699:28324): arch=x86_64 syscall=connect 
success=yes exit=0 a0=7 a1=7ffe5f7f2ea0 a2=6e a3=7ffe5f7f2b30 items=1 
ppid=37017 pid=37019 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
fsgid=0 tty=(none) ses=324 comm=aide exe=/usr/sbin/aide 
subj=system_u:system_r:aide_t:s0-s0:c0.c1023 key=(null)

type=PATH msg=audit(1560503762.699:28324): item=0 name=(null) inode=262366 
dev=fd:03 mode=0140666 ouid=0 ogid=0 rdev=00:00 
obj=system_u:object_r:sssd_var_lib_t:s0 nametype=NORMAL

I can modify the context to allow this, but I don't want to do that without knowing why AIDE would try to access a socket created by the SSSD service.

Nester

1 Answer


The socket is sssd's NSS responder, which is intended to use UNIX sockets. Because it is the auth daemon, presumably this relates to some libc NSS lookup of the passwd or groups databases.

It is reasonable for file integrity check software to look up user names. Please file a bug with your distro (I would guess Fedora or RHEL?) so they ship policy to allow this.

John Mahowald
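As an added triage aid (not code from either poster), the script below parses the AVC and SYSCALL records quoted in the question, reduces them to the allow rules a local policy module would need (the same shape audit2allow emits) and checks the syscall outcome; the sample text is a constructed copy of the records above, re-joined onto one line each, with the SYSCALL record trimmed to the fields the script reads.

```python
import re
from collections import defaultdict

# Constructed sample: the question's AVC and SYSCALL records, one record per line
# (the SYSCALL record is trimmed to the fields this script reads).
SAMPLE = """\
type=AVC msg=audit(1560503762.699:28324): avc:  denied  { write } for  pid=37019 comm="aide" name="nss" dev=dm-3 ino=262366 scontext=system_u:system_r:aide_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=sock_file
type=AVC msg=audit(1560503762.699:28324): avc:  denied  { connectto } for  pid=37019 comm="aide" path="/var/lib/sss/pipes/nss" scontext=system_u:system_r:aide_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sssd_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1560503762.699:28324): arch=x86_64 syscall=connect success=yes exit=0 pid=37019 comm=aide exe=/usr/sbin/aide subj=system_u:system_r:aide_t:s0-s0:c0.c1023
"""

AVC_RE = re.compile(
    r"type=AVC msg=audit\([\d.]+:(?P<serial>\d+)\): avc:\s+denied\s+\{ (?P<perms>[^}]+)\} for "
    r".*?scontext=(?P<scontext>\S+) tcontext=(?P<tcontext>\S+) tclass=(?P<tclass>\S+)")
SYSCALL_RE = re.compile(
    r"type=SYSCALL msg=audit\([\d.]+:(?P<serial>\d+)\):.*?syscall=(?P<syscall>\S+) "
    r"success=(?P<success>\S+)")


def selinux_type(context):
    """user:role:type[:level] -> type (the part policy rules are written against)."""
    return context.split(":")[2]


def parse_denials(text):
    """One dict per AVC denial, with the full contexts reduced to their types."""
    out = []
    for m in AVC_RE.finditer(text):
        out.append({"serial": m["serial"], "perms": set(m["perms"].split()),
                    "stype": selinux_type(m["scontext"]),
                    "ttype": selinux_type(m["tcontext"]), "tclass": m["tclass"]})
    return out


def required_rules(text):
    """Group denials by (source type, target type, class) -> permissions."""
    rules = defaultdict(set)
    for d in parse_denials(text):
        rules[(d["stype"], d["ttype"], d["tclass"])] |= d["perms"]
    return dict(rules)


def format_rules(rules):
    """Render the groups as policy allow rules, sorted for stable output."""
    return ["allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(p)))
            for (s, t, c), p in sorted(rules.items())]


def syscall_outcome(text):
    """serial -> (syscall, success). A 'denied' AVC whose matching SYSCALL record says
    success=yes means the call still went through, i.e. the domain or host is permissive."""
    return {m["serial"]: (m["syscall"], m["success"]) for m in SYSCALL_RE.finditer(text)}


if __name__ == "__main__":
    for line in format_rules(required_rules(SAMPLE)):
        print(line)
    print(syscall_outcome(SAMPLE))
```

The rules it prints are what a local module would have to grant; as the answer says, the right fix is to get them into the distro's shipped policy rather than carry them locally.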