`systemctl kill` leverages systemd's knowledge of the daemon's main PID, eliminating the need to rely on PID files or external tools like `killall` or `pkill`. This ensures precise signal sending to the intended process, reducing the risk of errors in process identification. Additionally, using `systemctl kill` logs the signal sending in the service's journal, providing a record of actions taken.

Requires selinux-policy-41.43 or higher (see https://bugzilla.redhat.com/show_bug.cgi?id=2369644), available as an update for F41, F42, and Rawhide.

https://bodhi.fedoraproject.org/updates/FEDORA-2025-eb98eb9e24 (F41 -- will go to stable in a few days)
https://bodhi.fedoraproject.org/updates/FEDORA-2025-f9f097f491 (F42 -- stable)
https://bodhi.fedoraproject.org/updates/FEDORA-2025-3db4c0ec1c (Rawhide)

The logrotate configuration snippet:

    # cat /etc/logrotate.d/nginx
    /var/log/nginx/*.log {
        create 0640 nginx root
        daily
        rotate 10
        missingok
        notifempty
        compress
        delaycompress
        sharedscripts
        postrotate
            /bin/kill -USR1 `cat /run/nginx.pid 2>/dev/null` 2>/dev/null || true
        endscript
    }

In the postrotate script, kill can be replaced by:

    /usr/bin/systemctl kill --signal=USR1 --kill-whom=main nginx.service 2>/dev/null || true

Because:

    # systemctl show -P MainPID nginx.service
    1056
    # cat /run/nginx.pid
    1056

Curiosity: this modification was attempted 10 years ago and shortly afterward reverted because the SELinux policy did not allow it:

https://src.fedoraproject.org/rpms/nginx/c/149abb601c02f1e863cd8696478aa036d80113d1
https://src.fedoraproject.org/rpms/nginx/c/68a715e76dac5ee500b7b124afeb2a8c0c752314

This time, with the updated policy, it can be implemented.

Reproducible: Always

Additional Information:
nginx-1.26.3-1.fc42.x86_64

Nice catch! Thanks for reporting! I'll implement this in the next update, which I know I'm a bit behind on. It requires porting the custom patch Red Hat put in for password prompting when using password-protected keys, a feature which I personally never used. I reached out to my co-maintainer at Red Hat but haven't heard back, unfortunately.