From c5beecca19f02cc81408d2ed942d96f9724091d5 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 22 Mar 2018 21:41:54 +0100
Subject: [PATCH] units: document why systemd-time-wait-sync.service conditions
 on CAP_SYS_TIME (#8555)

As requested by @evverx in https://github.com/systemd/systemd/pull/8537#issuecomment-375122615
---
 units/systemd-time-wait-sync.service.in | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/units/systemd-time-wait-sync.service.in b/units/systemd-time-wait-sync.service.in
index bed4177916..475182d6bc 100644
--- a/units/systemd-time-wait-sync.service.in
+++ b/units/systemd-time-wait-sync.service.in
@@ -10,8 +10,17 @@
 [Unit]
 Description=Wait Until Kernel Time Synchronized
 Documentation=man:systemd-time-wait-sync.service(8)
+
+# Note that this tool doesn't need CAP_SYS_TIME itself, but it's primary
+# usecase is to run in conjunction with a local NTP service such as
+# systemd-timesyncd.service, which is conditioned this way. There might be
+# niche usecases where running this service independently is desired, but let's
+# make this all "just work" for the general case, and leave it to local
+# modifications to make it work in the remaining cases.
+
 ConditionCapability=CAP_SYS_TIME
 ConditionVirtualization=!container
+
 DefaultDependencies=no
 Before=time-sync.target shutdown.target
 Wants=time-sync.target