user_namespaces.7: Clarify "system time"

From an email conversation with Léo Stefanesco:

> In the man7.org version of the man page for user_namespaces(7), it reads:
>
>    there are many privileged operations that affect
>    resources that are not associated with any namespace type,
>    for example, changing the system time
>    (governed by CAP_SYS_TIME)
>
> which is not consistent with time_namespaces(7).

In fact, strictly peaking the text still is correct, even after
the arrival of time namespaces.

Time namespaces virtualize only the boot-time and monotonic
clocks, not the "real time" (i.e., calendar time), which is the
time referred in the passage you quote.

That said, the text is perhaps now a little misleading, and
a little clarification would help. I changed the text to:

    there are many privileged operations that affect
    resources are not associated with any namespace type,
    for example, changing the system **(i.e., calendar)** time
    (governed by CAP_SYS_TIME)

Reported-by: Léo Stefanesco <leo.lveb@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

diff --git a/man7/user_namespaces.7 b/man7/user_namespaces.7
index 9077498a2ce6c2d2f49cbfa5b30ac5f0b936a493..c4970631030a1ad5b414d905363e1f124fb3fdb7 100644 (file)
--- a/man7/user_namespaces.7
+++ b/man7/user_namespaces.7
@@ -235,7 +235,7 @@ namespaces owned by (associated with) the user namespace
 .PP
 On the other hand, there are many privileged operations that affect
 resources that are not associated with any namespace type,
-for example, changing the system time (governed by
+for example, changing the system (i.e., calendar) time (governed by
 .BR CAP_SYS_TIME ),
 loading a kernel module (governed by
 .BR CAP_SYS_MODULE ),