Times change and so do best practices.
The current best way to do this is to run systemctl edit myservice
, which will create an override file for you or let you edit an existing one.
In normal installations this will create a directory /etc/systemd/system/myservice.service.d
, and inside that directory create a file whose name ends in .conf
(typically, override.conf
), and in this file you can add to or override any part of the unit shipped by the distribution.
For instance, in a file /etc/systemd/system/myservice.service.d/myenv.conf
:
[Service]
Environment="SECRET=pGNqduRFkB4K9C2vijOmUDa2kPtUhArN"
Environment="ANOTHER_SECRET=JP8YLOc2bsNlrGuD6LVTq7L36obpjzxd"
Also note that if the directory exists and is empty, your service will be disabled! If you don't intend to put something in the directory, ensure that it does not exist.
For reference, the old way was:
The recommended way to do this is to create a file /etc/sysconfig/myservice
which contains your variables, and then load them with EnvironmentFile
.
For complete details, see Fedora's documentation on how to write a systemd script.
After you make changes to your unit file, you should run systemctl daemon-reload
, as outlined here.
daemon-reload
Reload systemd manager configuration. This will rerun all generators (see systemd.generator(7)), reload all unit files, and recreate the entire dependency tree. While the daemon is being reloaded, all sockets systemd listens on behalf of user configuration will stay accessible.
You can then restart (or reload) your service as you desire with
systemctl restart your-service-name
(daemon-reload won't reload/restart the services themselves, just makes systemd aware of the new configuration)
Best Answer
You could run that process as unconfined so it would have the same rights as if SELinux was disabled.
You can read more about unconfined processes in Red Hat documentation: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes.html