procmail is piping to spamassassin, AVC denial as it tries to read from /var/lib/spamassassin/3.003000/. type=AVC msg=audit(1256406006.631:330034): avc: denied { read } for pid=26233 comm="spamassassin" name="3.003000" dev=dm-0 ino=846234 scontext=root:system_r:spamassassin_t:s0 tcontext=user_u:object_r:spamd_var_lib_t:s0 tclass=dir type=SYSCALL msg=audit(1256406006.631:330034): arch=c000003e syscall=2 success=no exit=-13 a0=a3bbae0 a1=10800 a2=2 a3=13 items=0 ppid=26232 pid=26233 auid=0 uid=619 gid=619 euid=619 suid=619 fsuid=619 egid=619 sgid=619 fsgid=619 tty=(none) ses=1540 comm="spamassassin" exe="/usr/bin/perl" subj=root:system_r:spamassassin_t:s0 key=(null) spamassassin-3.3.0-0.18.svn816416.el5 selinux-policy-2.4.6-255.el5_4.1
Miroslov, Just add list_files_pattern(spamassassin_t,spamd_var_lib_t,spamd_var_lib_t)
It is strange that we do not have this rule in F12 policy, but allow spam to list the contents of the directory that it can read does not seem like a stretch.
Fixed in selinux-policy-2.4.6-264.el5
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2010-0182.html