Let kore_worker_privdrop() take user and chroot.

This will make it easier when the keymgr gets its own user/chroot settings.

include/kore/kore.h

@@ -519,10 +519,10 @@ void		kore_signal_setup(void);
 void		kore_worker_wait(int);
 void		kore_worker_init(void);
 void		kore_worker_shutdown(void);
-void		kore_worker_privdrop(void);
 void		kore_worker_dispatch_signal(int);
 void		kore_worker_spawn(u_int16_t, u_int16_t);
 void		kore_worker_entry(struct kore_worker *);
+void		kore_worker_privdrop(const char *, const char *);
 
 struct kore_worker	*kore_worker_data(u_int8_t);
 

src/keymgr.c

@@ -79,7 +79,7 @@ kore_keymgr_run(void)
 	kore_module_cleanup();
 
 	kore_domain_callback(keymgr_load_privatekey);
-	kore_worker_privdrop();
+	kore_worker_privdrop(runas_user, chroot_path);
 
 	net_init();
 	kore_connection_init();

src/worker.c

@@ -219,7 +219,7 @@ kore_worker_dispatch_signal(int sig)
 }
 
 void
-kore_worker_privdrop(void)
+kore_worker_privdrop(const char *runas, const char *root)
 {
 	rlim_t			fd;
 	struct rlimit		rl;
@@ -227,17 +227,17 @@ kore_worker_privdrop(void)
 
 	/* Must happen before chroot. */
 	if (skip_runas == 0) {
-		pw = getpwnam(runas_user);
+		pw = getpwnam(runas);
 		if (pw == NULL) {
-			fatal("cannot getpwnam(\"%s\") runas user: %s",
-			    runas_user, errno_s);
+			fatal("cannot getpwnam(\"%s\") for user: %s",
+			    runas, errno_s);
 		}
 	}
 
 	if (skip_chroot == 0) {
-		if (chroot(chroot_path) == -1) {
+		if (chroot(root) == -1) {
 			fatal("cannot chroot(\"%s\"): %s",
-			    chroot_path, errno_s);
+			    root, errno_s);
 		}
 
 		if (chdir("/") == -1)
@@ -309,7 +309,7 @@ kore_worker_entry(struct kore_worker *kw)
 	}
 #endif
 
-	kore_worker_privdrop();
+	kore_worker_privdrop(runas_user, chroot_path);
 
 	net_init();
 #if !defined(KORE_NO_HTTP)