Merge pull request #404 from jpds/chronyd/netadmin

policy/modules/services/chronyd.te

@@ -5,6 +5,14 @@ policy_module(chronyd, 1.8.0)
 # Declarations
 #
 
+## <desc>
+##      <p>
+##      Determine whether chronyd can access NIC hardware
+##      timestamping features
+##      </p>
+## </desc>
+gen_tunable(chronyd_hwtimestamp, false)
+
 attribute_role chronyc_roles;
 
 type chronyd_t;
@@ -99,6 +107,11 @@ miscfiles_read_localization(chronyd_t)
 chronyd_dgram_send_cli(chronyd_t)
 chronyd_read_config(chronyd_t)
 
+tunable_policy(`chronyd_hwtimestamp',`
+	# net_admin required for SIOCSHWTSTAMP.
+	allow chronyd_t self:capability net_admin;
+')
+
 optional_policy(`
 	gpsd_rw_shm(chronyd_t)
 ')