units: document why systemd-time-wait-sync.service conditions on CAP_SYS_TIME (#8555)

As requested by @evverx in https://github.com/systemd/systemd/pull/8537#issuecomment-375122615
2018-03-22 21:41:54 +01:00 · 2018-03-22 21:41:54 +01:00 · c5beecca19
parent 1147eef0b6
commit c5beecca19
1 changed files with 9 additions and 0 deletions
--- a/units/systemd-time-wait-sync.service.in
+++ b/units/systemd-time-wait-sync.service.in
@ -10,8 +10,17 @@
 [Unit]
 Description=Wait Until Kernel Time Synchronized
 Documentation=man:systemd-time-wait-sync.service(8)
+
+# Note that this tool doesn't need CAP_SYS_TIME itself, but it's primary
+# usecase is to run in conjunction with a local NTP service such as
+# systemd-timesyncd.service, which is conditioned this way. There might be
+# niche usecases where running this service independently is desired, but let's
+# make this all "just work" for the general case, and leave it to local
+# modifications to make it work in the remaining cases.
+
 ConditionCapability=CAP_SYS_TIME
 ConditionVirtualization=!container
+
 DefaultDependencies=no
 Before=time-sync.target shutdown.target
 Wants=time-sync.target