Hi Dan,
I got something like:
type=SYSCALL msg=audit(1248337552.277:51): arch=40000003 syscall=5 success=yes exit=9 a0=2590dd8 a1=8000 a2=0 a3=0 items=0 ppid=3929 pid=3934 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=unconfined_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1248337552.277:52): avc: denied { lock } for pid=3934 comm="smtp" path="/home/choeger/cert/sasl_passwd.db" dev=dm-1 ino=2976113 scontext=unconfined_u:system_r:postfix_smtp_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
(that's just a simple example)
Basically postfix_smtp_t and user_home_t do not play nice - which is not
a big surprise since that is what confinement is all about, but I wish
there would be a way to handle that use case.
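
An added example, not part of the original message: a small Python parser for the two audit records quoted above. It extracts the source type, target type, object class and permission from the AVC line and keeps each record's audit serial so records can be matched up. The function names are assumptions of this example, and the records are copied from the message with each one rejoined onto a single line.

```python
import re
import shlex

# The two records from the message, one per line (rejoined for this example).
RECORDS = [
    'type=SYSCALL msg=audit(1248337552.277:51): arch=40000003 syscall=5 '
    'success=yes exit=9 a0=2590dd8 a1=8000 a2=0 a3=0 items=0 ppid=3929 '
    'pid=3934 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 '
    'fsgid=0 tty=(none) ses=1 comm="smtp" exe="/usr/libexec/postfix/smtp" '
    'subj=unconfined_u:system_r:postfix_smtp_t:s0 key=(null)',
    'type=AVC msg=audit(1248337552.277:52): avc: denied { lock } for '
    'pid=3934 comm="smtp" path="/home/choeger/cert/sasl_passwd.db" dev=dm-1 '
    'ino=2976113 scontext=unconfined_u:system_r:postfix_smtp_t:s0 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
]

HEADER = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): ?(.*)$')
AVC = re.compile(r'^avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)$')

def parse_record(line):
    """Split one audit record into a dict of its fields."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("not an audit record: %r" % line)
    rtype, stamp, serial, body = m.groups()
    rec = {"type": rtype, "time": float(stamp), "serial": int(serial)}
    if rtype == "AVC":
        a = AVC.match(body)
        if not a:
            raise ValueError("unrecognised AVC body: %r" % body)
        rec["result"] = a.group(1)
        rec["perms"] = a.group(2).split()
        body = a.group(3)
    # shlex strips the quotes from values such as comm="smtp".
    for token in shlex.split(body):
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value
    return rec

def summarize_denial(rec):
    """Reduce an AVC record to the fields a policy decision turns on."""
    # A context reads user:role:type:level, so the type is the third field.
    return {
        "source_type": rec["scontext"].split(":")[2],
        "target_type": rec["tcontext"].split(":")[2],
        "tclass": rec["tclass"],
        "perms": rec["perms"],
        "path": rec.get("path"),
    }
```
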