diff --git a/roles/samba/files/samba-dc.te b/roles/samba/files/samba-dc.te
index fe1fa57..b098f40 100644
--- a/roles/samba/files/samba-dc.te
+++ b/roles/samba/files/samba-dc.te
@@ -1,11 +1,14 @@
-module samba-dc 1.0;
+module samba-dc 1.1;
 require {
 type ntpd_var_run_t;
+ type unconfined_service_t;
 type chronyd_t;
 class sock_file write;
+ class unix_stream_socket connectto;
 }
 #============= chronyd_t ==============
 allow chronyd_t ntpd_var_run_t:sock_file write;
+allow chronyd_t unconfined_service_t:unix_stream_socket connectto;
diff --git a/roles/samba/tasks/selinux.yml b/roles/samba/tasks/selinux.yml
index d7bce6c..d00e63c 100644
--- a/roles/samba/tasks/selinux.yml
+++ b/roles/samba/tasks/selinux.yml
@@ -19,6 +19,7 @@
 when: samba_role == 'dc' or samba_role == 'rodc'
 with_items:
 - samba_domain_controller
+ - rsync_sys_admin
 tags: samba
 - name: Copy custom policy
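Review bot: The new rule `allow chronyd_t unconfined_service_t:unix_stream_socket connectto;` lets chronyd connect to a stream socket owned by any process in `unconfined_service_t`, not only the one listener it is meant for. That type is the catch-all domain for services without a policy of their own, so the grant is wider than the neighbouring `ntpd_var_run_t:sock_file write` rule suggests. Presumably the listener is Samba's NTP signing socket and the DC daemon itself runs unconfined, though the diff does not show that. If so, record it above the rule, e.g. `# samba (ntp_signd) runs as unconfined_service_t here; chronyd needs connectto for signed NTP`, and consider labelling the Samba binary with a dedicated type so the rule can name a narrower target.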
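Review bot: `rsync_sys_admin` is added to the list with no comment on why a domain controller needs it, and it is switched on for both `dc` and `rodc`. Assuming this list feeds an SELinux boolean task (the task header is outside the hunk), the boolean gives the confined rsync daemon the `sys_admin` capability, which is a broad grant. A short comment such as `# rsync_sys_admin: rsyncd sysvol replication must preserve ACLs/xattrs` would help, once the actual reason is confirmed. If only one of the two roles serves rsync, the boolean could go in a separate task with a narrower `when:`.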