not sure what to make of this. host=gelk type=AVC msg=audit(1206954096.938:326): avc: denied { ioctl } for pid=15415 comm="sh" path="/usr/bin/spamc" dev=md0 ino=30782362 scontext=system_u:system_r:procmail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:spamc_exec_t:s0 tclass=file host=gelk type=SYSCALL msg=audit(1206954096.938:326): arch=c000003e syscall=16 success=no exit=-13 a0=3 a1=5401 a2=7fff6be0e710 a3=3ec416da10 items=0 ppid=15414 pid=15415 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=58 comm="sh" exe="/bin/bash" subj=system_u:system_r:procmail_t:s0-s0:c0.c1023 key=(null) This happened three times. All my usual mail doesn't trigger it, so I'm wondering if it's just something special about the mail that cron.daily sent. My .procmailrc is fairly benign, just a spamc invocation and filtering into folders, so I'm not sure where the ioctl comes in.
I have no idea but I will add the ability for domtrans pattern to ioctl Fixed in selinux-policy-3.3.27.fc9