Summary:

SELinux is preventing access to files with the default label, default_t.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux permission checks on files labeled default_t are being denied. These
files/directories have the default label on them. This can indicate a labeling
problem, especially if the files being referred to are not top level
directories. Any files/directories under standard system directories, /usr,
/var. /dev, /tmp, ..., should not be labeled with the default label. The default
label is for files/directories which do not have a label on a parent directory.
So if you create a new directory in / you might legitimately get this label.

Allowing Access:

If you want a confined domain to use these files you will probably need to
relabel the file/directory with chcon. In some cases it is just easier to
relabel the system, to relabel execute: "touch /.autorelabel; reboot"

Additional Information:

Source Context                system_u:system_r:logwatch_t:s0-s0:c0.c1023
Target Context                system_u:object_r:default_t:s0
Target Objects                /.esmtp_queue [ dir ]
Source                        mktemp
Source Path                   /bin/mktemp
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           coreutils-7.2-4.fc11
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.12-88.fc11
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   default
Host Name                     (removed)
Platform                      Linux (removed) 2.6.30.9-99.fc11.i586 #1 SMP Tue
                              Nov 17 21:10:57 EST 2009 i686 i686
Alert Count                   3
First Seen                    Wed 02 Dec 2009 03:50:05 AM PST
Last Seen                     Wed 02 Dec 2009 03:50:05 AM PST
Local ID                      f369b313-435f-4f20-9244-0708484a7ae2
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1259754605.109:28925): avc:  denied  { write } for  pid=4270 comm="mktemp" name=".esmtp_queue" dev=sda7 ino=213330 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir

node=(removed) type=AVC msg=audit(1259754605.109:28925): avc:  denied  { add_name } for  pid=4270 comm="mktemp" name="r8NsaCyp" scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir

node=(removed) type=AVC msg=audit(1259754605.109:28925): avc:  denied  { create } for  pid=4270 comm="mktemp" name="r8NsaCyp" scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir

node=(removed) type=SYSCALL msg=audit(1259754605.109:28925): arch=40000003 syscall=39 success=yes exit=0 a0=90d0058 a1=1c0 a2=8052d60 a3=8 items=0 ppid=4266 pid=4270 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=10 comm="mktemp" exe="/bin/mktemp" subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  selinux-policy-3.6.12-88.fc11,default,mktemp,logwatch_t,default_t,dir,write
audit2allow suggests:

#============= logwatch_t ==============
allow logwatch_t default_t:dir { write create add_name };