From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 22 Mar 2018 20:41:54 +0000 (+0100)
Subject: units: document why systemd-time-wait-sync.service conditions on CAP_SYS_TIME (#8555)
X-Git-Tag: v239~492
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c5beecca19f02cc81408d2ed942d96f9724091d5;p=platform%2Fupstream%2Fsystemd.git

units: document why systemd-time-wait-sync.service conditions on CAP_SYS_TIME (#8555)

As requested by @evverx in https://github.com/systemd/systemd/pull/8537#issuecomment-375122615
---

diff --git a/units/systemd-time-wait-sync.service.in b/units/systemd-time-wait-sync.service.in
index bed4177..475182d 100644
--- a/units/systemd-time-wait-sync.service.in
+++ b/units/systemd-time-wait-sync.service.in
@@ -10,8 +10,17 @@
 [Unit]
 Description=Wait Until Kernel Time Synchronized
 Documentation=man:systemd-time-wait-sync.service(8)
+
+# Note that this tool doesn't need CAP_SYS_TIME itself, but it's primary
+# usecase is to run in conjunction with a local NTP service such as
+# systemd-timesyncd.service, which is conditioned this way. There might be
+# niche usecases where running this service independently is desired, but let's
+# make this all "just work" for the general case, and leave it to local
+# modifications to make it work in the remaining cases.
+
 ConditionCapability=CAP_SYS_TIME
 ConditionVirtualization=!container
+
 DefaultDependencies=no
 Before=time-sync.target shutdown.target
 Wants=time-sync.target