[Dovecot] selinux rules for dovecot

[Robert Moskowitz]

I am running selinux in permissive mode on my new mail server, in part 
because of dovecot.  I would really like to use selinux, but I suspect 
it may be a challenge.  My setup is on Centos 6.3 with dovecot using 
mysql for virutal domains and users.  I am looking for a set of 
definitive selinux instructions, not a pointer to selinux tutorial.  
Here are examples of what I am seeing:

Feb 27 16:46:08 klovia kernel: type=1400 audit(1362001568.770:33468): 
avc:  denied  { search } for  pid=2994 comm="dict" name="mysql" dev=dm-0 
ino=1705864 scontext=system_u:system_r:dovecot_t:s0 
tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir
Feb 27 16:46:08 klovia kernel: type=1400 audit(1362001568.770:33469): 
avc:  denied  { write } for  pid=2994 comm="dict" name="mysql.sock" 
dev=dm-0 ino=1706116 scontext=system_u:system_r:dovecot_t:s0 
tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file
Feb 27 16:46:08 klovia kernel: type=1400 audit(1362001568.770:33470): 
avc:  denied  { connectto } for pid=2994 comm="dict" 
path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:dovecot_t:s0 
tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket
Feb 27 16:46:08 klovia kernel: type=1400 audit(1362001568.771:33471): 
avc:  denied  { getattr } for  pid=2994 comm="dict" 
path="/usr/share/mysql/charsets/Index.xml" dev=dm-0 ino=395155 
scontext=system_u:system_r:dovecot_t:s0 
tcontext=system_u:object_r:usr_t:s0 tclass=file
Feb 27 16:46:08 klovia kernel: type=1400 audit(1362001568.771:33472): 
avc:  denied  { read } for  pid=2994 comm="dict" name="Index.xml" 
dev=dm-0 ino=395155 scontext=system_u:system_r:dovecot_t:s0 
tcontext=system_u:object_r:usr_t:s0 tclass=file