vpn: add support for spawning VPN client programs in minijail
Spawn VPN programs in a minijail if the --jail-vpn-clients command line
flag is passed. Also update unit tests.
Also make the openvpn config dir/file world-readable so it can be created
by shill user and accessed by openvpn user. If we think this file is
sensitive and shouldn't be world-readable then we could alternatively
make shill user belong to openvpn group and have shill chgrp() on the
file to openvpn. I didn't do that here for sake of simplicity but will
make that accomodation if anyone feels strongly about this.
BUG=chromium:649417
CQ-DEPEND=CL:1086231
TEST=unit tests pass, tested as part of larger sandbox shill debug CL
Change-Id: I1037c1e3b060e53a699411c197c5961f9cbc5527
Reviewed-on: https://chromium-review.googlesource.com/1087359
Commit-Ready: Micah Morton <mortonm@chromium.org>
Tested-by: Micah Morton <mortonm@chromium.org>
Reviewed-by: Micah Morton <mortonm@chromium.org>
7 files changed