udp, http: move privilege drop code into aquatic_common

2026-03-31 17:55:36 +00:00 · 2021-10-27 20:49:15 +02:00 · 2021-10-27 20:49:15 +02:00 · d6d5cc78b7
commit d6d5cc78b7
parent ead7650d41
11 changed files with 72 additions and 87 deletions
--- a/aquatic_http/src/lib/config.rs
+++ b/aquatic_http/src/lib/config.rs
@ -1,6 +1,6 @@
 use std::{net::SocketAddr, path::PathBuf};

-use aquatic_common::access_list::AccessListConfig;
+use aquatic_common::{access_list::AccessListConfig, privileges::PrivilegeConfig};
 use aquatic_common::cpu_pinning::CpuPinningConfig;
 use serde::{Deserialize, Serialize};

@ -94,17 +94,6 @@ pub struct StatisticsConfig {
    pub interval: u64,
 }

-#[derive(Clone, Debug, Serialize, Deserialize)]
-#[serde(default)]
-pub struct PrivilegeConfig {
-    /// Chroot and switch user after binding to sockets
-    pub drop_privileges: bool,
-    /// Chroot to this path
-    pub chroot_path: String,
-    /// User to switch to after chrooting
-    pub user: String,
-}
-
 impl Default for Config {
    fn default() -> Self {
        Self {
@ -118,7 +107,7 @@ impl Default for Config {
            statistics: StatisticsConfig::default(),
            privileges: PrivilegeConfig::default(),
            access_list: AccessListConfig::default(),
-            cpu_pinning: CpuPinningConfig::default(),
+            cpu_pinning: Default::default(),
        }
    }
 }
@ -171,16 +160,6 @@ impl Default for StatisticsConfig {
    }
 }

-impl Default for PrivilegeConfig {
-    fn default() -> Self {
-        Self {
-            drop_privileges: false,
-            chroot_path: ".".to_string(),
-            user: "nobody".to_string(),
-        }
-    }
-}
-
 impl Default for TlsConfig {
    fn default() -> Self {
        Self {
--- a/aquatic_http/src/lib/glommio/mod.rs
+++ b/aquatic_http/src/lib/glommio/mod.rs
@ -4,7 +4,7 @@ use std::{
    sync::{atomic::AtomicUsize, Arc},
 };

-use aquatic_common::access_list::AccessList;
+use aquatic_common::{access_list::AccessList, privileges::drop_privileges_after_socket_binding};
 use glommio::{channels::channel_mesh::MeshBuilder, prelude::*};

 use crate::config::Config;
@ -94,7 +94,7 @@ pub fn run(config: Config) -> anyhow::Result<()> {
        executors.push(executor);
    }

-    // drop_privileges_after_socket_binding(&config, num_bound_sockets).unwrap();
+    drop_privileges_after_socket_binding(&config.privileges, num_bound_sockets, config.socket_workers).unwrap();

    for executor in executors {
        executor