How do I find what's being denied by SELinux?

Another issue with working on SELinux...

We have a somewhat legacy server running Apache and I'm getting the following AVC denials in the audit log:

type=SYSCALL msg=audit(1354504450.788:403059): arch=40000003 syscall=221 success=yes exit=0 a0=20 a1=7 a2=e3b718 a3=e3b718 items=0 ppid=3206 pid=25561 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1354504450.788:403059): avc:  denied  { lock } for  pid=25561 comm="httpd" path=2F617070732F6C6F67732F73736C2F73736C5F6D75746578202864656C6574656429 dev=dm-0 ino=391711 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
 

We're getting quite a few of these, but I'm not sure how to track down what is actually being denied. I'm thinking that, whatever it is, the default_t context probably isn't correct, but I don't know what to change the context on because it doesn't refer to a file.

Any ideas?
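
The `path=` value in the AVC record above is hex-encoded, which the audit subsystem does for string fields containing spaces or other unsafe characters (`ausearch -i` interprets such fields). The following is an added example, not part of the original post, that parses the posted record and decodes that field; the function names are hypothetical.

```python
import re

# AVC record copied verbatim from the post above.
AVC = (
    'type=AVC msg=audit(1354504450.788:403059): avc:  denied  { lock } for  '
    'pid=25561 comm="httpd" '
    'path=2F617070732F6C6F67732F73736C2F73736C5F6D75746578202864656C6574656429 '
    'dev=dm-0 ino=391711 scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=system_u:object_r:default_t:s0 tclass=file'
)

# String fields that audit writes either quoted (safe) or as bare hex (unsafe).
# Numeric fields such as ino= can look like hex too, so they are never decoded.
STRING_FIELDS = {"path", "name", "comm", "exe", "cwd"}
HEX = re.compile(r"(?:[0-9A-Fa-f]{2})+")

def decode_value(key, value):
    """Strip quotes from safe strings; hex-decode unquoted string fields."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return value[1:-1]
    if key in STRING_FIELDS and HEX.fullmatch(value):
        return bytes.fromhex(value).decode("utf-8", errors="replace")
    return value

def parse_avc(line):
    """Parse one AVC line into a dict of decoded fields plus permissions."""
    m = re.search(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)", line)
    if m is None:
        raise ValueError("not an AVC record")
    rec = {"result": m.group(1), "perms": m.group(2).split()}
    for key, value in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(3)):
        rec[key] = decode_value(key, value)
    return rec

def summarize(rec):
    """One-line description: source type, permission, object and its label."""
    src = rec["scontext"].split(":")[2]
    tgt = rec["tcontext"].split(":")[2]
    return "%s %s { %s } on %s %r labeled %s" % (
        src, rec["result"], " ".join(rec["perms"]),
        rec["tclass"], rec.get("path", "?"), tgt)

if __name__ == "__main__":
    print(summarize(parse_avc(AVC)))
```

The ` (deleted)` suffix in the decoded path is appended by the kernel when the file was unlinked while a process still held it open.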

Responses