units: document why systemd-time-wait-sync.service conditions on CAP_SYS_TIME (#8555)

author Lennart Poettering <lennart@poettering.net>

Thu, 22 Mar 2018 20:41:54 +0000 (21:41 +0100)

committer Evgeny Vereshchagin <evvers@ya.ru>

Thu, 22 Mar 2018 20:41:54 +0000 (23:41 +0300)
author Lennart Poettering <lennart@poettering.net>
Thu, 22 Mar 2018 20:41:54 +0000 (21:41 +0100)
committer Evgeny Vereshchagin <evvers@ya.ru>
Thu, 22 Mar 2018 20:41:54 +0000 (23:41 +0300)
diff --git a/units/systemd-time-wait-sync.service.in b/units/systemd-time-wait-sync.service.in

index bed4177..475182d 100644 (file)
--- a/units/systemd-time-wait-sync.service.in
+++ b/units/systemd-time-wait-sync.service.in
@@ -10,8 +10,17 @@
  [Unit]
  Description=Wait Until Kernel Time Synchronized
  Documentation=man:systemd-time-wait-sync.service(8)
+
+# Note that this tool doesn't need CAP_SYS_TIME itself, but it's primary
+# usecase is to run in conjunction with a local NTP service such as
+# systemd-timesyncd.service, which is conditioned this way. There might be
+# niche usecases where running this service independently is desired, but let's
+# make this all "just work" for the general case, and leave it to local
+# modifications to make it work in the remaining cases.
+
  ConditionCapability=CAP_SYS_TIME
  ConditionVirtualization=!container
+
  DefaultDependencies=no
  Before=time-sync.target shutdown.target
  Wants=time-sync.target
author	Lennart Poettering <lennart@poettering.net>
	Thu, 22 Mar 2018 20:41:54 +0000 (21:41 +0100)
committer	Evgeny Vereshchagin <evvers@ya.ru>
	Thu, 22 Mar 2018 20:41:54 +0000 (23:41 +0300)