Add privileged services

This allows running things like kfcgi which do their own privilege
dropping and chrooting. Need to update the examples with something like
that.

catsit.conf.5

@@ -1,4 +1,4 @@
-.Dd August 13, 2020
+.Dd August 16, 2020
 .Dt CATSIT.CONF 5
 .Os
 .
@@ -45,6 +45,19 @@ is executed using the shell.
 The shell variable
 .Va $0
 is set to the name of the service.
+.
+.It Ar @service Ar command ...
+Service names beginning with
+.Ql @
+define
+.Em privileged
+services,
+which are started with the same user and group as
+.Xr catsitd 8 .
+This can be used for services
+which drop their own privileges
+or which call
+.Xr chroot 2 .
 .El
 .
 .Sh EXAMPLES

daemon.h

@@ -112,6 +112,7 @@ enum State {
 struct Service {
 	char *name;
 	char *command;
+	bool privileged;
 	enum State intent;
 	enum State state;
 	pid_t pid;

service.c

@@ -100,6 +100,8 @@ int serviceAdd(const char *name, const char *command) {
 	service->command = strdup(command);
 	if (!service->command) goto err;
 
+	if (name[0] == '@') service->privileged = true;
+
 	int error = pipe2(service->outPipe, O_CLOEXEC);
 	if (error) goto err;
 
@@ -181,14 +183,16 @@ void serviceStart(struct Service *service) {
 	int error = chdir(serviceDir);
 	if (error) err(ExitNoExec, "%s", serviceDir);
 
-	error = setgid(serviceGID);
-	if (error) err(ExitNoExec, "setgid");
+	if (!service->privileged) {
+		error = setgid(serviceGID);
+		if (error) err(ExitNoExec, "setgid");
 
-	error = setgroups(1, &serviceGID);
-	if (error) err(ExitNoExec, "setgroups");
+		error = setgroups(1, &serviceGID);
+		if (error) err(ExitNoExec, "setgroups");
 
-	error = setuid(serviceUID);
-	if (error) err(ExitNoExec, "setuid");
+		error = setuid(serviceUID);
+		if (error) err(ExitNoExec, "setuid");
+	}
 
 	size_t len = 0;
 	char command[ARG_MAX];