From 94e316bfea2eae48b516aaebe5f33bb11e1fe54d Mon Sep 17 00:00:00 2001
From: Michael Kerrisk
Date: Tue, 9 Jun 2020 10:03:04 +0200
Subject: [PATCH] user_namespaces.7: Clarify "system time"
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

From an email conversation with Léo Stefanesco:

> In the man7.org version of the man page for user_namespaces(7), it reads:
>
>     there are many privileged operations that affect
>     resources that are not associated with any namespace type,
>     for example, changing the system time
>     (governed by CAP_SYS_TIME)
>
> which is not consistent with time_namespaces(7).

In fact, strictly speaking the text still is correct, even after the arrival of time namespaces. Time namespaces virtualize only the boot-time and monotonic clocks, not the "real time" (i.e., calendar time), which is the time referred to in the passage you quote.

That said, the text is perhaps now a little misleading, and a little clarification would help. I changed the text to:

    there are many privileged operations that affect
    resources that are not associated with any namespace type,
    for example, changing the system **(i.e., calendar)** time
    (governed by CAP_SYS_TIME)

Reported-by: Léo Stefanesco
Signed-off-by: Michael Kerrisk
--- man7/user_namespaces.7 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man7/user_namespaces.7 b/man7/user_namespaces.7 index 9077498a2c..c497063103 100644 --- a/man7/user_namespaces.7 +++ b/man7/user_namespaces.7 @@ -235,7 +235,7 @@ namespaces owned by (associated with) the user namespace .PP On the other hand, there are many privileged operations that affect resources that are not associated with any namespace type, -for example, changing the system time (governed by +for example, changing the system (i.e., calendar) time (governed by .BR CAP_SYS_TIME ), loading a kernel module (governed by .BR CAP_SYS_MODULE ), -- 2.47.2
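Review bot: The added line "for example, changing the system (i.e., calendar) time (governed by" narrows the wording but leaves out the reason the distinction matters, which appears only in the commit message: time namespaces virtualize the boot-time and monotonic clocks, not calendar time. A reader of user_namespaces(7) who knows about time_namespaces(7) can still wonder, as the reporter did, whether CAP_SYS_TIME is scoped to a namespace. Consider adding a short clause or a ".BR time_namespaces (7)" cross-reference next to this sentence so that the page itself says calendar time is not namespaced. As a style point, the new line now carries two parentheticals and is longer than its neighbours; breaking it after "time" would keep the source lines at clause boundaries like the surrounding text.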