I also encounter the problem with starting/stopping services (installing
packages as per bug 722579 works well for me with stated configuration).

Packages:
ricci-0.12.2-32.el5_7.1
selinux-policy-2.4.6-317.el5
selinux-policy-targeted-2.4.6-317.el5

How ricci handles services:
Ricci's executable module /usr/libexec/ricci-modrpm executes
"/etc/init.d/$SERVICENAME (start|stop|restart)"

Note:
I tried using "/sbin/service $SERVICENAME (start|stop|restart)" way instead,
but got the same result.


+++ Partial manual clone (removing unrelated comments) of bug 722579 +++

> Comment ##4 Brandon Perkins 2011-10-04 19:32:11 CEST

The issue described in the original description appears to be fixed (using
selinux-policy-2.4.6-317.el5 and ricci-0.12.2-33.el5).  However, that then
exposes the next issue.  While not related to the original installation of
RPMs, which is in fact working now, it appears ricci is unable to start the
daemons for a similar reason.  I am happy to open this as a new bug if that's
preferred.

Summary:

SELinux is preventing ricci-modservic (ricci_modservice_t) "create" to
<Unknown>
(ricci_modservice_t).

Detailed Description:

SELinux denied access requested by ricci-modservic. It is not expected that
this
access is required by ricci-modservic and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:ricci_modservice_t
Target Context                system_u:system_r:ricci_modservice_t
Target Objects                None [ unix_dgram_socket ]
Source                        ricci-modservic
Source Path                   /usr/libexec/ricci-modservice
Port                          <Unknown>
Host                          bz722579.dhcp151-173.mpc.lab.eng.bos.redhat.com
Source RPM Packages           ricci-0.12.2-33.el5
Target RPM Packages           
Policy RPM                    selinux-policy-2.4.6-317.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     bz722579.dhcp151-173.mpc.lab.eng.bos.redhat.com
Platform                      Linux
                              bz722579.dhcp151-173.mpc.lab.eng.bos.redhat.com
                              2.6.18-274.3.1.el5 #1 SMP Fri Aug 26 18:49:02 EDT
                              2011 x86_64 x86_64
Alert Count                   4
First Seen                    Tue Oct  4 13:26:46 2011
Last Seen                     Tue Oct  4 13:26:46 2011
Local ID                      932f9ada-a4cc-4ca7-8149-02ce9f8b91ce
Line Numbers                  

Raw Audit Messages            

host=bz722579.dhcp151-173.mpc.lab.eng.bos.redhat.com type=AVC
msg=audit(1317749206.35:39): avc:  denied  { create } for  pid=19400
comm="ricci-modservic" scontext=system_u:system_r:ricci_modservice_t:s0
tcontext=system_u:system_r:ricci_modservice_t:s0 tclass=unix_dgram_socket

host=bz722579.dhcp151-173.mpc.lab.eng.bos.redhat.com type=SYSCALL
msg=audit(1317749206.35:39): arch=c000003e syscall=41 success=no exit=-13 a0=1
a1=2 a2=0 a3=7db items=0 ppid=19398 pid=19400 auid=4294967295 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
comm="ricci-modservic" exe="/usr/libexec/ricci-modservice"
subj=system_u:system_r:ricci_modservice_t:s0 key=(null)


> Comment ##5 Miroslav Grepl 2011-10-05 07:05:21 CEST

Ok, this is a different AVC msg.