Comment 7 for bug 1872175

Christian Ehrhardt  (paelzer) wrote :

After a discussion with jjohansen (thanks!) I learned that some of the procfs access will trigger ptrace rules. Odd, but nice to know ...

After that was clear I was fixing the initial fail. I found a bunch of further issues hidden behind those but it seems at least in my local setup the following makes everything work.

1. We need to track disconnected
/usr/sbin/gpsd flags=(attach_disconnected) {

2. And we need those for PPS:
 # required for pps initialization
 capability dac_read_search,
 capability sys_ptrace,
 capability sys_time,
 /sys/devices/virtual/pps/ r,
 # triggered on some /proc access needed for pps
 ptrace read peer=unconfined,
 # to submit data to chrony
 ptrace read peer=/usr/sbin/chronyd,
 # for libusb
 /sys/devices/**/usb[0-9]*/** r,

I'll ask the security team to +1 on those and will try with another device on Wednesday (waiting for an antenna cable adapter)
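Added example, not code from the bug report or from the gpsd/AppArmor packaging: a small Python script that turns AppArmor DENIED audit lines into candidate profile rules of the three kinds listed above (ptrace peer, capability, file access), so the denials hidden behind each other can be read off in bulk. The log lines are constructed samples in AppArmor's standard audit format; pids and timestamps are made up.

```python
import re
from typing import Dict, List

# Constructed sample denials in AppArmor's audit-log format (the pids and
# timestamps are made up). They mirror the three rule kinds in the comment:
# a ptrace read of an unconfined peer, a capability, and a file read in /sys.
SAMPLE_DENIALS = """\
audit: type=1400 audit(1586900000.100:11): apparmor="DENIED" operation="ptrace" profile="/usr/sbin/gpsd" pid=1001 comm="gpsd" requested_mask="read" denied_mask="read" peer="unconfined"
audit: type=1400 audit(1586900000.101:12): apparmor="DENIED" operation="capable" profile="/usr/sbin/gpsd" pid=1001 comm="gpsd" capability=25 capname="sys_time"
audit: type=1400 audit(1586900000.102:13): apparmor="DENIED" operation="open" profile="/usr/sbin/gpsd" name="/sys/devices/virtual/pps/" pid=1001 comm="gpsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1586900000.103:14): apparmor="DENIED" operation="open" profile="/usr/sbin/chronyd" name="/etc/chrony/chrony.conf" pid=1002 comm="chronyd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

# key="quoted value" or key=bareword
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denial(line: str) -> Dict[str, str]:
    """Split one audit line into its key/value fields."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _KV.finditer(line)}

def suggest_rule(fields: Dict[str, str]) -> str:
    """Map one denial to the profile rule that would allow exactly it."""
    op = fields.get("operation")
    if op == "capable":
        return f"capability {fields['capname']},"
    if op == "ptrace":
        # AppArmor reports the denied access (read/trace/...) and the peer label.
        return f"ptrace {fields['denied_mask']} peer={fields['peer']},"
    if "name" in fields and "denied_mask" in fields:
        # File access: path plus the permissions that were refused.
        return f"{fields['name']} {fields['denied_mask']},"
    return f"# unhandled: {fields}"

def rules_for_profile(log_text: str, profile: str) -> List[str]:
    """Collect de-duplicated candidate rules for one profile, in log order."""
    rules: List[str] = []
    for line in log_text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue
        fields = parse_denial(line)
        if fields.get("profile") != profile:
            continue
        rule = suggest_rule(fields)
        if rule not in rules:
            rules.append(rule)
    return rules
```

Each emitted rule grants only what one denial asked for, so the list is a starting point for review rather than something to paste in unread; on a real system `aa-logprof` walks the same denials interactively.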