`systemctl kill` leverages systemd's knowledge of the daemon's main PID, eliminating the need to rely on PID files or external tools like `killall` or `pkill`. This ensures precise signal sending to the intended process, reducing the risk of errors in process identification. Additionally, using `systemctl kill` logs the signal sending in the service's journal, providing a record of actions taken. Requires selinux-policy-41.43 or higher (see https://bugzilla.redhat.com/show_bug.cgi?id=2369644), available as an update for F41, F42, and Rawhide.

https://bodhi.fedoraproject.org/updates/FEDORA-2025-eb98eb9e24 (F41 -- will go to stable in a few days)
https://bodhi.fedoraproject.org/updates/FEDORA-2025-f9f097f491 (F42 -- stable)
https://bodhi.fedoraproject.org/updates/FEDORA-2025-3db4c0ec1c (Rawhide)

The logrotate configuration snippet:

# cat /etc/logrotate.d/sssd
/var/log/sssd/*.log {
    weekly
    missingok
    notifempty
    sharedscripts
    rotate 2
    compress
    delaycompress
    su sssd sssd
    postrotate
        /bin/kill -HUP `cat /run/sssd/sssd.pid 2>/dev/null` 2> /dev/null || true
        /bin/pkill -HUP sssd_kcm 2> /dev/null || true
    endscript
}

In the postrotate script, kill and pkill can be replaced by:

/usr/bin/systemctl kill --signal=HUP --kill-whom=main sssd.service sssd-kcm.service 2>/dev/null || true

Because:

# systemctl show -P MainPID sssd.service
1225
# cat /run/sssd/sssd.pid
1225

# systemctl show -P MainPID sssd-kcm.service
1447
# pgrep sssd_kcm
1447

Reproducible: Always




Additional Information:
sssd-common-2.11.0-1.fc42.x86_64