http_private: use PrivilegeDropper

aquatic_http_private/src/lib.rs

@@ -4,7 +4,9 @@ mod workers;
 
 use std::{collections::VecDeque, sync::Arc};
 
-use aquatic_common::{rustls_config::create_rustls_config, PanicSentinelWatcher};
+use aquatic_common::{
+    privileges::PrivilegeDropper, rustls_config::create_rustls_config, PanicSentinelWatcher,
+};
 use common::ChannelRequestSender;
 use dotenv::dotenv;
 use signal_hook::{consts::SIGTERM, iterator::Signals};
@@ -36,6 +38,8 @@ pub fn run(config: Config) -> anyhow::Result<()> {
     }
 
     let (sentinel_watcher, sentinel) = PanicSentinelWatcher::create_with_sentinel();
+    let priv_dropper = PrivilegeDropper::new(config.privileges.clone(), config.socket_workers);
+
     let mut handles = Vec::new();
 
     for _ in 0..config.socket_workers {
@@ -43,11 +47,18 @@ pub fn run(config: Config) -> anyhow::Result<()> {
         let config = config.clone();
         let tls_config = tls_config.clone();
         let request_sender = ChannelRequestSender::new(request_senders.clone());
+        let priv_dropper = priv_dropper.clone();
 
         let handle = ::std::thread::Builder::new()
             .name("socket".into())
             .spawn(move || {
-                workers::socket::run_socket_worker(sentinel, config, tls_config, request_sender)
+                workers::socket::run_socket_worker(
+                    sentinel,
+                    config,
+                    tls_config,
+                    request_sender,
+                    priv_dropper,
+                )
             })?;
 
         handles.push(handle);