aquatic_udp: move privdrop code to crate root, use in glommio impl

2026-04-02 10:45:30 +00:00 · 2021-10-23 15:18:05 +02:00 · 2021-10-23 15:18:05 +02:00 · 0e58347ac4
commit 0e58347ac4
parent eafb88c345
4 changed files with 47 additions and 30 deletions
--- a/aquatic_udp/src/lib/lib.rs
+++ b/aquatic_udp/src/lib/lib.rs
@ -1,3 +1,11 @@
+use std::{
+    sync::{
+        atomic::{AtomicUsize, Ordering},
+        Arc,
+    },
+    time::Duration,
+};
+
 use cfg_if::cfg_if;

 pub mod common;
@ -7,6 +15,7 @@ pub mod glommio;
 pub mod mio;

 use config::Config;
+use privdrop::PrivDrop;

 pub const APP_NAME: &str = "aquatic_udp: UDP BitTorrent tracker";

@ -19,3 +28,35 @@ pub fn run(config: Config) -> ::anyhow::Result<()> {
        }
    }
 }
+
+fn drop_privileges_after_socket_binding(
+    config: &Config,
+    num_bound_sockets: Arc<AtomicUsize>,
+) -> anyhow::Result<()> {
+    if config.privileges.drop_privileges {
+        let mut counter = 0usize;
+
+        loop {
+            let sockets = num_bound_sockets.load(Ordering::SeqCst);
+
+            if sockets == config.socket_workers {
+                PrivDrop::default()
+                    .chroot(config.privileges.chroot_path.clone())
+                    .user(config.privileges.user.clone())
+                    .apply()?;
+
+                break;
+            }
+
+            ::std::thread::sleep(Duration::from_millis(10));
+
+            counter += 1;
+
+            if counter == 500 {
+                panic!("Sockets didn't bind in time for privilege drop.");
+            }
+        }
+    }
+
+    Ok(())
+}