Once this change goes into Gerrit, it is possible to let Gerrit be socket-activated by systemd: https://gerrit-review.googlesource.com/#/c/89893/.

To make the above work correctly on "Fedora 24 (Server Edition)" you need to install these custom SELinux rules:

  1. gerrit-systemd-port80.te:

```
module gerrit-systemd-port80 1.0;

require {
    type unconfined_service_t;
    type init_t;
    class tcp_socket { bind create listen setopt };
}

#============= init_t ==============
allow init_t unconfined_service_t:tcp_socket { bind create listen setopt };
```

  2. systemd-java.te:

```
module systemd-java 1.0;

require {
    type unconfined_service_t;
    type init_t;
    class process { noatsecure rlimitinh siginh };
}

#============= init_t ==============
allow init_t unconfined_service_t:process { noatsecure rlimitinh siginh };
```
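
The two listings above are policy sources that still have to be compiled and loaded. One way to do that, as an added example that is not part of the original page: the function names and the `DRY_RUN` switch are assumptions of this sketch, while `checkmodule`, `semodule_package` and `semodule` are the standard SELinux policy tools.

```shell
#!/bin/sh
# Added example: build and load SELinux policy modules from .te sources.
# Set DRY_RUN=1 to print the commands instead of running them.

# Print the module name declared in a .te file ("module NAME VERSION;").
te_module_name() {
    sed -n 's/^[[:space:]]*module[[:space:]]\{1,\}\([A-Za-z0-9_.-]\{1,\}\)[[:space:]]\{1,\}[0-9.]\{1,\};.*$/\1/p' "$1" | head -n 1
}

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Compile NAME.te -> NAME.mod -> NAME.pp and load it into the policy store.
install_te_module() {
    te=$1
    name=$(te_module_name "$te")
    if [ -z "$name" ]; then
        echo "no module declaration found in $te" >&2
        return 1
    fi
    # Consistency check chosen for this sketch: the file name must match
    # the declared module name, as it does in the listings on this page.
    if [ "$(basename "$te" .te)" != "$name" ]; then
        echo "$te declares module '$name'; rename the file to $name.te" >&2
        return 1
    fi
    dir=$(dirname "$te")
    run checkmodule -M -m -o "$dir/$name.mod" "$te" &&
    run semodule_package -o "$dir/$name.pp" -m "$dir/$name.mod" &&
    run semodule -i "$dir/$name.pp"
}

# Usage (as root): sh install-te.sh gerrit-systemd-port80.te systemd-java.te
for f in "$@"; do
    install_te_module "$f" || exit 1
done
```

Running it with `DRY_RUN=1` first shows the three commands per module, so the permissions being granted to `init_t` can be reviewed before anything is loaded.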

See also: Possible_Causes_of_Silent_Denials