OS:
# rpm -q centos-release
centos-release-7-9.2009.1.el7.centos.x86_64
I'm trying to get zabbix-agent to access mysqld (using mysqladmin ping), but the process fails with the following errors (in the audit log):
type=AVC msg=audit(1690802455.685:134747): avc: denied { connectto } for pid=18714 comm="mysqladmin" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket permissive=0
type=SYSCALL msg=audit(1690802455.685:134747): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=7ffe8b63b500 a2=6e a3=7ffe8b63ade0 items=0 ppid=18635 pid=18714 auid=4294967295 uid=997 gid=995 euid=997 suid=997 fsuid=997 egid=995 sgid=995 fsgid=995 tty=(none) ses=4294967295 comm="mysqladmin" exe="/usr/bin/mysqladmin" subj=system_u:system_r:zabbix_agent_t:s0 key=(null)
Running this through audit2allow gives me the fix, but with a warning:
#============= zabbix_agent_t ==============
#!!!! The file '/var/lib/mysql/mysql.sock' is mislabeled on your system.
#!!!! Fix with $ restorecon -R -v /var/lib/mysql/mysql.sock
#!!!! This avc can be allowed using the boolean 'daemons_enable_cluster_mode'
allow zabbix_agent_t mysqld_t:unix_stream_socket connectto;
Searching for the expected permission for /var/lib/mysql/mysql.sock, I see the following:
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/mysql/mysql\.sock -s system_u:object_r:mysqld_var_run_t:s0
The actual permission matches:
srwxrwxrwx. mysql mysql system_u:object_r:mysqld_var_run_t:s0 /var/lib/mysql/mysql.sock
Looking at the process contexts:
# ps -eZf |grep -E '^LABEL|mysqld|zabbix' |grep -v grep
LABEL UID PID PPID C STIME TTY TIME CMD
system_u:system_r:mysqld_safe_t:s0 mysql 6331 1 0 Feb04 ? 00:00:00 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
system_u:system_r:mysqld_t:s0 mysql 6644 6331 1 Feb04 ? 2-05:50:59 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
system_u:system_r:zabbix_agent_t:s0 zabbix 18926 1 0 11:25 ? 00:00:00 /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
system_u:system_r:zabbix_agent_t:s0 zabbix 18927 18926 0 11:25 ? 00:00:00 /usr/sbin/zabbix_agentd: collector [idle 1 sec]
system_u:system_r:zabbix_agent_t:s0 zabbix 18928 18926 0 11:25 ? 00:00:00 /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
system_u:system_r:zabbix_agent_t:s0 zabbix 18929 18926 0 11:25 ? 00:00:00 /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
system_u:system_r:zabbix_agent_t:s0 zabbix 18930 18926 0 11:25 ? 00:00:00 /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
Next, when I try to add the created rule to the policy, I get an error for mysqld_t:
zabbix_home.te:22:ERROR 'unknown type mysqld_t' at token ';' on line 22:
allow zabbix_agent_t mysqld_t:unix_stream_socket connectto;
allow zabbix_agent_t mysqld_var_run_t:sock_file write;
checkmodule: error(s) encountered while parsing configuration
checkmodule: loading policy configuration from zabbix_home.te
My questions are:
- Why is my target context mysqld_t instead of mysqld_var_run_t?
- How do I fix this?
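As an added example (not code from the original post, nor from the Zabbix or SELinux projects), the script below writes a complete policy module for the two rules audit2allow produced, compiles and loads it, and verifies that the rule is in the running policy. The point it demonstrates is the one the checkmodule error is about: a policy module must declare every type and class it borrows from the base policy in a require block, otherwise checkmodule reports "unknown type mysqld_t". It also shows why the two rules have two different targets: connectto is checked on the unix_stream_socket object, which carries the label of the process that created it (mysqld_t), while the on-disk socket file is a separate sock_file object labelled mysqld_var_run_t. The module name zabbix_mysqladmin and the te_is_self_contained helper are my own choices; checkmodule, semodule_package, semodule and sesearch are the standard CentOS 7 tools (from the checkpolicy, policycoreutils and setools-console packages respectively).

```shell
#!/bin/sh
# Added example, not from the original post. Builds a minimal SELinux policy
# module that declares the base-policy types it references in a `require`
# block, then compiles, loads and verifies it. Module name is an assumption.
set -eu

# Emit the .te source for module $1. Every type and class taken from the base
# policy (zabbix_agent_t, mysqld_t, mysqld_var_run_t, unix_stream_socket,
# sock_file) must appear under `require`, or checkmodule fails with
# "unknown type ..." exactly as in the question.
emit_te() {
    name=$1
    cat <<EOF
module ${name} 1.0;

require {
    type zabbix_agent_t;
    type mysqld_t;
    type mysqld_var_run_t;
    class unix_stream_socket connectto;
    class sock_file write;
}

#============= zabbix_agent_t ==============
# connectto is checked against the socket object, which is labelled with the
# domain of the process that created it (mysqld_t), not with the file label.
allow zabbix_agent_t mysqld_t:unix_stream_socket connectto;
# Opening the socket path on disk is a sock_file write, checked against the
# on-disk label (mysqld_var_run_t).
allow zabbix_agent_t mysqld_var_run_t:sock_file write;
EOF
}

# Compile and load: checkmodule -> semodule_package -> semodule.
build_and_load() {
    name=$1
    emit_te "$name" > "${name}.te"
    checkmodule -M -m -o "${name}.mod" "${name}.te"
    semodule_package -o "${name}.pp" -m "${name}.mod"
    semodule -i "${name}.pp"
}

# Post-load checks: the module is listed, and the allow rule is now part of
# the loaded policy (sesearch is in setools-console on CentOS 7).
verify() {
    semodule -l | grep -q "^$1" || return 1
    sesearch -A -s zabbix_agent_t -t mysqld_t -c unix_stream_socket -p connectto \
        | grep -q connectto
}

# Offline sanity check that needs no SELinux toolchain: does the generated
# module declare (under `require`) every source and target type that its
# allow rules reference? This is the property the posted .te file lacked.
te_is_self_contained() {
    src=$(emit_te "$1")
    for t in $(printf '%s\n' "$src" \
            | awk '/^allow /{print $2; split($3, a, ":"); print a[1]}' \
            | sort -u); do
        printf '%s\n' "$src" | grep -q "^[[:space:]]*type ${t};" || return 1
    done
}

# Usage: sh this_script.sh install   (must run as root with SELinux enabled)
if [ "${1:-}" = "install" ]; then
    te_is_self_contained zabbix_mysqladmin
    build_and_load zabbix_mysqladmin
    verify zabbix_mysqladmin
fi
```

Two caveats a practitioner would add. The restorecon hint audit2allow printed is moot here, since the file_contexts entry and the actual label of /var/lib/mysql/mysql.sock already agree. And the boolean it suggested, daemons_enable_cluster_mode, is a system-wide grant that loosens socket access between many daemon domains at once; a dedicated module like the one above allows exactly the two operations the AVC records and nothing else, which is the least-privilege choice.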