rsyslog-mysql on CentOS 5.3 does not have permission to access the mysql.sock

After installing and configuring both MySQL and rsyslog with the mysql extensions I get the following error in /var/log/messages:

rsyslogd:db error (2002): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13)

I can connect through the socket using the mysql client by specifying '--socket=/var/lib/mysql/mysql.sock'.

I have narrowed the problem down to selinux permissions. The /var/log/audit/audit.log file has this to say:

type=AVC msg=audit(1244654592.150:320): avc: denied { search } for pid=6382 comm="rsyslogd" name="mysql" dev=xvda3 ino=1369538 scontext=user_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir

Turning selinux in permissive mode does solve the problem. This is going to be production server and leaving selinux in permissive mode is not an option.

Running restorecon on /var/lib/mysql/mysql.sock also does not solve the problem. Can anyone out there give me a hand?

Edit:

So my quest continues, heres an update. I ended up creating an semodule to explicitly allow this behavior. To do this I did the following (as root):

# cd /var/log/audit/
# grep mysql audit.log | audit2allow

It outputed this:

#============= syslogd_t ==============
allow syslogd_t mysqld_db_t:dir search;
allow syslogd_t mysqld_var_run_t:sock_file write;
allow syslogd_t mysqld_t:unix_stream_socket connectto;

Those were indeed the permissions I wanted to grant to rsyslog... so I compiled it into a module according to RedHat's instructions and installed it using the semodule command.

After attempting to restart the rsyslog service the error continues and there are no new 'denied' messages in the audit log. Anybody have any ideas?