aquatic_udp: move privdrop code to crate root, use in glommio impl

TODO.md

@@ -1,7 +1,6 @@
 # TODO
 
 * aquatic_udp glommio
-  * privdrop
   * disable by default!
 
 * access lists:

aquatic_udp/src/lib/glommio/mod.rs

@@ -5,6 +5,7 @@ use glommio::channels::channel_mesh::MeshBuilder;
 use glommio::prelude::*;
 
 use crate::config::Config;
+use crate::drop_privileges_after_socket_binding;
 
 mod common;
 pub mod handlers;
@@ -87,6 +88,8 @@ pub fn run(config: Config) -> anyhow::Result<()> {
         executors.push(executor);
     }
 
+    drop_privileges_after_socket_binding(&config, num_bound_sockets).unwrap();
+
     for executor in executors {
         executor
             .expect("failed to spawn local executor")

aquatic_udp/src/lib/lib.rs

@@ -1,3 +1,11 @@
+use std::{
+    sync::{
+        atomic::{AtomicUsize, Ordering},
+        Arc,
+    },
+    time::Duration,
+};
+
 use cfg_if::cfg_if;
 
 pub mod common;
@@ -7,6 +15,7 @@ pub mod glommio;
 pub mod mio;
 
 use config::Config;
+use privdrop::PrivDrop;
 
 pub const APP_NAME: &str = "aquatic_udp: UDP BitTorrent tracker";
 
@@ -19,3 +28,35 @@ pub fn run(config: Config) -> ::anyhow::Result<()> {
         }
     }
 }
+
+fn drop_privileges_after_socket_binding(
+    config: &Config,
+    num_bound_sockets: Arc<AtomicUsize>,
+) -> anyhow::Result<()> {
+    if config.privileges.drop_privileges {
+        let mut counter = 0usize;
+
+        loop {
+            let sockets = num_bound_sockets.load(Ordering::SeqCst);
+
+            if sockets == config.socket_workers {
+                PrivDrop::default()
+                    .chroot(config.privileges.chroot_path.clone())
+                    .user(config.privileges.user.clone())
+                    .apply()?;
+
+                break;
+            }
+
+            ::std::thread::sleep(Duration::from_millis(10));
+
+            counter += 1;
+
+            if counter == 500 {
+                panic!("Sockets didn't bind in time for privilege drop.");
+            }
+        }
+    }
+
+    Ok(())
+}

aquatic_udp/src/lib/mio/mod.rs

@@ -2,15 +2,11 @@ use std::thread::Builder;
 use std::time::Duration;
 use std::{
     ops::Deref,
-    sync::{
+    sync::{atomic::AtomicUsize, Arc},
-        atomic::{AtomicUsize, Ordering},
-        Arc,
-    },
 };
 
 use anyhow::Context;
 use crossbeam_channel::unbounded;
-use privdrop::PrivDrop;
 
 pub mod common;
 pub mod handlers;
@@ -20,6 +16,7 @@ pub mod tasks;
 use aquatic_common::access_list::{AccessListArcSwap, AccessListMode, AccessListQuery};
 
 use crate::config::Config;
+use crate::drop_privileges_after_socket_binding;
 
 use common::State;
 
@@ -38,30 +35,7 @@ pub fn run(config: Config) -> ::anyhow::Result<()> {
 
     start_workers(config.clone(), state.clone(), num_bound_sockets.clone())?;
 
-    if config.privileges.drop_privileges {
+    drop_privileges_after_socket_binding(&config, num_bound_sockets).unwrap();
-        let mut counter = 0usize;
-
-        loop {
-            let sockets = num_bound_sockets.load(Ordering::SeqCst);
-
-            if sockets == config.socket_workers {
-                PrivDrop::default()
-                    .chroot(config.privileges.chroot_path.clone())
-                    .user(config.privileges.user.clone())
-                    .apply()?;
-
-                break;
-            }
-
-            ::std::thread::sleep(Duration::from_millis(10));
-
-            counter += 1;
-
-            if counter == 500 {
-                panic!("Sockets didn't bind in time for privilege drop.");
-            }
-        }
-    }
 
     loop {
         ::std::thread::sleep(Duration::from_secs(config.cleaning.interval));