What is wrong when spamc is not allowed to connect to spamd?

Göran Uddeborg goeran at uddeborg.se
Sun Dec 7 21:10:30 UTC 2008


I'm gradually upgrading to Fedora 10 using yum, so I suspect this
problem might be that some package is not yet upgraded.  But I can't
understand what it could be.

I'm running spamassassin using the lines

    DROPPRIVS=yes
    INCLUDERC=/etc/mail/spamassassin/spamassassin-spamc.rc

in /etc/procmailrc.  After upgrading to Fedora 10 policy and
spamassassin I get these AVCs:

    time->Sun Dec  7 20:01:46 2008
    type=SYSCALL msg=audit(1228676506.702:50): arch=c000003e syscall=42 success=no exit=-13 a0=4 a1=1358850 a2=10 a3=8 items=0 ppid=3558 pid=3559 auid=4294967295 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=(none) ses=4294967295 comm="spamc" exe="/usr/bin/spamc" subj=system_u:system_r:spamc_t:s0 key=(null)
    type=AVC msg=audit(1228676506.702:50): avc:  denied  { name_connect } for  pid=3559 comm="spamc" dest=783 scontext=system_u:system_r:spamc_t:s0 tcontext=system_u:object_r:spamd_port_t:s0 tclass=tcp_socket

I.e., spamc isn't allowed to connect to spamd's TCP socket.

Looking in the spamassassin.te source I see that spamc_t is allowed to
connect to spamd_t:unix_stream_socket but I can't see anything that
would allow it to connect to a tcp_socket of any type.

Looking at the spamassassin code, I see that spamd would create and spamc
use a unix-domain socket if given an explicit path to it, but in the default
configuration I can't see anything that would add those flags.

I've enabled spamassassin_can_network as a temporary workaround, but
that shouldn't be necessary just to use spamc, should it?

What am I missing here?
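
An added example, not part of the original post: Python that reads the two audit records quoted above, pairs them by event id, decodes the failing system call, and derives the type-enforcement rule whose absence produced the denial. The function names are hypothetical, the SYSCALL record is shortened to the fields used, and the syscall table holds only the one arch/number pair seen in this record.

```python
import errno
import re

# Records copied from the post above (SYSCALL shortened to the fields used here).
SYSCALL = ('type=SYSCALL msg=audit(1228676506.702:50): arch=c000003e syscall=42 '
           'success=no exit=-13 comm="spamc" exe="/usr/bin/spamc" '
           'subj=system_u:system_r:spamc_t:s0 key=(null)')
AVC = ('type=AVC msg=audit(1228676506.702:50): avc:  denied  { name_connect } for  '
       'pid=3559 comm="spamc" dest=783 scontext=system_u:system_r:spamc_t:s0 '
       'tcontext=system_u:object_r:spamd_port_t:s0 tclass=tcp_socket')

# Only the pair seen in this record: arch c000003e is x86_64, syscall 42 is connect.
SYSCALL_NAMES = {("c000003e", 42): "connect"}


def fields(record):
    """Return the key=value pairs of an audit record as a dict."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', record)}


def event_id(record):
    """Return the timestamp:serial that ties the records of one event together."""
    return re.search(r'msg=audit\(([^)]+)\)', record).group(1)


def type_of(context):
    """Extract the type from a user:role:type:level security context."""
    return context.split(":")[2]


def describe_syscall(record):
    """Return (syscall name, errno name) for a failed SYSCALL record."""
    f = fields(record)
    name = SYSCALL_NAMES.get((f["arch"], int(f["syscall"])), "syscall " + f["syscall"])
    return name, errno.errorcode.get(-int(f["exit"]), f["exit"])


def missing_rule(record):
    """Turn a denied AVC into the allow rule that the loaded policy lacked."""
    perms = re.search(r'\{\s*([^}]*?)\s*\}', record).group(1).split()
    f = fields(record)
    perm_text = perms[0] if len(perms) == 1 else "{ %s }" % " ".join(perms)
    return "allow %s %s:%s %s;" % (
        type_of(f["scontext"]), type_of(f["tcontext"]), f["tclass"], perm_text)


if __name__ == "__main__":
    print(event_id(AVC), describe_syscall(SYSCALL), missing_rule(AVC))
```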



