Launch dhcpcd using Minijail.
dhcpcd runs as root and listens on the network. Launch it using Minijail
so that we can run it as a regular user, mitigating the risk of an eventual
compromise.
Add a mock Minijail wrapper for unittesting.
BUG=chromium-os:28336
TEST=dhcp_config_unittest
TEST=network_netperf2
TEST=Manual connection to ethernet, GoogleGuest, Google-A.
CQ-DEPEND=I243e02c82f70c6a3469ca712e539ec9fb6e3e4d4
Change-Id: I14c4e843eba478ed39b10fa4fcb0e25eb3186c1a
Reviewed-on: https://gerrit.chromium.org/gerrit/20414
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
diff --git a/dhcp_config.h b/dhcp_config.h
index e66ee98..c850a9f 100644
--- a/dhcp_config.h
+++ b/dhcp_config.h
@@ -14,6 +14,7 @@
#include <gtest/gtest_prod.h> // for FRIEND_TEST
#include "shill/ipconfig.h"
+#include "shill/minijail.h"
namespace shill {
@@ -106,6 +107,7 @@
static const char kDHCPCDPathFormatLease[];
static const char kDHCPCDPathFormatPID[];
static const int kDHCPTimeoutSeconds;
+ static const char kDHCPCDUser[];
static const char kReasonBound[];
static const char kReasonFail[];
@@ -192,6 +194,8 @@
EventDispatcher *dispatcher_;
GLib *glib_;
+ Minijail *minijail_;
+
DISALLOW_COPY_AND_ASSIGN(DHCPConfig);
};