iSulad/0070-isolate-sandboxer-code-by-using-macro.patch

From c1d445e178cd610f8a6d9156012c6c7922eed9c5 Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Sat, 20 Apr 2024 11:24:18 +0800
Subject: [PATCH 1/2] isolate sandboxer code by using macro

Signed-off-by: xuxuepeng <xuxuepeng1@huawei.com>
---
 cmake/options.cmake                                 | 2 +-
 src/daemon/common/cri/v1/v1_cri_helpers.cc          | 7 +++++++
 src/daemon/config/isulad_config.c                   | 2 ++
 src/daemon/sandbox/controller/CMakeLists.txt        | 2 +-
 src/daemon/sandbox/controller/controller_manager.cc | 6 ++++++
 src/daemon/sandbox/controller/controller_manager.h  | 2 ++
 6 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/cmake/options.cmake b/cmake/options.cmake
index c1eac472..a15b8194 100644
--- a/cmake/options.cmake
+++ b/cmake/options.cmake
@@ -51,7 +51,7 @@ if (ENABLE_CDI STREQUAL "ON")
     endif()
 endif()
 
-option(ENABLE_SANDBOXER "Enable sandbox API" ON)
+option(ENABLE_SANDBOXER "Enable sandbox API" OFF)
 if (ENABLE_SANDBOXER STREQUAL "ON")
     add_definitions(-DENABLE_SANDBOXER)
     set(ENABLE_SANDBOXER 1)
diff --git a/src/daemon/common/cri/v1/v1_cri_helpers.cc b/src/daemon/common/cri/v1/v1_cri_helpers.cc
index 520d23d4..1f797ad7 100644
--- a/src/daemon/common/cri/v1/v1_cri_helpers.cc
+++ b/src/daemon/common/cri/v1/v1_cri_helpers.cc
@@ -391,6 +391,7 @@ void GetContainerSandboxID(const std::string &containerID, std::string &realCont
     realContainerID = info->id;
 }
 
+#ifdef ENABLE_SANDBOXER
 std::string CRISandboxerConvert(const std::string &runtime)
 {
     std::string sandboxer;
@@ -429,6 +430,12 @@ out:
     (void)isulad_server_conf_unlock();
     return sandboxer;
 }
+#else
+std::string CRISandboxerConvert(const std::string &runtime)
+{
+    return DEFAULT_SANDBOXER_NAME;
+}
+#endif
 
 void ApplySandboxSecurityContextToHostConfig(const runtime::v1::LinuxSandboxSecurityContext &context, host_config *hc,
                                              Errors &error)
diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c
index 695a0d95..617db7a2 100644
--- a/src/daemon/config/isulad_config.c
+++ b/src/daemon/config/isulad_config.c
@@ -1757,8 +1757,10 @@ int merge_json_confs_into_global(struct service_arguments *args)
     args->json_confs->runtimes = tmp_json_confs->runtimes;
     tmp_json_confs->runtimes = NULL;
 #ifdef ENABLE_CRI_API_V1
+#ifdef ENABLE_SANDBOXER
     args->json_confs->cri_sandboxers = tmp_json_confs->cri_sandboxers;
     tmp_json_confs->cri_sandboxers = NULL;
+#endif
     args->json_confs->enable_cri_v1 = tmp_json_confs->enable_cri_v1;
     args->json_confs->enable_pod_events = tmp_json_confs->enable_pod_events;
 #endif
diff --git a/src/daemon/sandbox/controller/CMakeLists.txt b/src/daemon/sandbox/controller/CMakeLists.txt
index f846657a..8764c05b 100644
--- a/src/daemon/sandbox/controller/CMakeLists.txt
+++ b/src/daemon/sandbox/controller/CMakeLists.txt
@@ -9,7 +9,7 @@ set(local_sandbox_controller_top_incs
     ${CMAKE_CURRENT_SOURCE_DIR}
     )
 
-if (ENABLE_SANDBOXER)
+if (ENABLE_CRI_API_V1 AND ENABLE_SANDBOXER)
     add_subdirectory(sandboxer)
     list (APPEND local_sandbox_controller_top_srcs
         ${CONTROLLER_SANDBOXER_SRCS}
diff --git a/src/daemon/sandbox/controller/controller_manager.cc b/src/daemon/sandbox/controller/controller_manager.cc
index 21c6f5fe..91c98d26 100644
--- a/src/daemon/sandbox/controller/controller_manager.cc
+++ b/src/daemon/sandbox/controller/controller_manager.cc
@@ -20,7 +20,9 @@
 #include <isula_libutils/defs.h>
 
 #include "shim_controller.h"
+#ifdef ENABLE_SANDBOXER
 #include "sandboxer_controller.h"
+#endif
 #include "isulad_config.h"
 #include "daemon_arguments.h"
 
@@ -44,10 +46,12 @@ bool ControllerManager::Init(Errors &error)
         return false;
     }
 
+#ifdef ENABLE_SANDBOXER
     // Initialize sandboxer controller
     if (!RegisterAllSandboxerControllers(error)) {
         return false;
     }
+#endif
     return true;
 }
 
@@ -75,6 +79,7 @@ auto ControllerManager::RegisterShimController(Errors &error) -> bool
     return true;
 }
 
+#ifdef ENABLE_SANDBOXER
 auto ControllerManager::RegisterAllSandboxerControllers(Errors &error) -> bool
 {
     std::map<std::string, std::string> config;
@@ -160,6 +165,7 @@ auto ControllerManager::RegisterSandboxerController(const std::string &sandboxer
     INFO("Sandboxer controller initialized successfully, sandboxer: %s", sandboxer.c_str());
     return true;
 }
+#endif
 
 auto ControllerManager::GetController(const std::string &name) -> std::shared_ptr<Controller>
 {
diff --git a/src/daemon/sandbox/controller/controller_manager.h b/src/daemon/sandbox/controller/controller_manager.h
index 28b52c2f..3fd547cf 100644
--- a/src/daemon/sandbox/controller/controller_manager.h
+++ b/src/daemon/sandbox/controller/controller_manager.h
@@ -31,9 +31,11 @@ public:
     auto GetController(const std::string &name) -> std::shared_ptr<Controller>;
 private:
     auto RegisterShimController(Errors &error) -> bool;
+#ifdef ENABLE_SANDBOXER
     auto RegisterAllSandboxerControllers(Errors &error) -> bool;
     auto LoadSandboxerControllersConfig(std::map<std::string, std::string> &config) -> bool;
     auto RegisterSandboxerController(const std::string &sandboxer, const std::string &address, Errors &error) -> bool;
+#endif
 
 protected:
     std::map<std::string, std::shared_ptr<Controller>> m_controllers;
-- 
2.34.1
upgrade from upstream 2024-04-20 10:00:53 +08:00			`From c1d445e178cd610f8a6d9156012c6c7922eed9c5 Mon Sep 17 00:00:00 2001`
			`From: xuxuepeng <xuxuepeng1@huawei.com>`
			`Date: Sat, 20 Apr 2024 11:24:18 +0800`
			`Subject: [PATCH 1/2] isolate sandboxer code by using macro`

			`Signed-off-by: xuxuepeng <xuxuepeng1@huawei.com>`
			`---`
			`cmake/options.cmake \| 2 +-`
			`src/daemon/common/cri/v1/v1_cri_helpers.cc \| 7 +++++++`
			`src/daemon/config/isulad_config.c \| 2 ++`
			`src/daemon/sandbox/controller/CMakeLists.txt \| 2 +-`
			`src/daemon/sandbox/controller/controller_manager.cc \| 6 ++++++`
			`src/daemon/sandbox/controller/controller_manager.h \| 2 ++`
			`6 files changed, 19 insertions(+), 2 deletions(-)`

			`diff --git a/cmake/options.cmake b/cmake/options.cmake`
			`index c1eac472..a15b8194 100644`
			`--- a/cmake/options.cmake`
			`+++ b/cmake/options.cmake`
			`@@ -51,7 +51,7 @@ if (ENABLE_CDI STREQUAL "ON")`
			`endif()`
			`endif()`

			`-option(ENABLE_SANDBOXER "Enable sandbox API" ON)`
			`+option(ENABLE_SANDBOXER "Enable sandbox API" OFF)`
			`if (ENABLE_SANDBOXER STREQUAL "ON")`
			`add_definitions(-DENABLE_SANDBOXER)`
			`set(ENABLE_SANDBOXER 1)`
			`diff --git a/src/daemon/common/cri/v1/v1_cri_helpers.cc b/src/daemon/common/cri/v1/v1_cri_helpers.cc`
			`index 520d23d4..1f797ad7 100644`
			`--- a/src/daemon/common/cri/v1/v1_cri_helpers.cc`
			`+++ b/src/daemon/common/cri/v1/v1_cri_helpers.cc`
			`@@ -391,6 +391,7 @@ void GetContainerSandboxID(const std::string &containerID, std::string &realCont`
			`realContainerID = info->id;`
			`}`

			`+#ifdef ENABLE_SANDBOXER`
			`std::string CRISandboxerConvert(const std::string &runtime)`
			`{`
			`std::string sandboxer;`
			`@@ -429,6 +430,12 @@ out:`
			`(void)isulad_server_conf_unlock();`
			`return sandboxer;`
			`}`
			`+#else`
			`+std::string CRISandboxerConvert(const std::string &runtime)`
			`+{`
			`+ return DEFAULT_SANDBOXER_NAME;`
			`+}`
			`+#endif`

			`void ApplySandboxSecurityContextToHostConfig(const runtime::v1::LinuxSandboxSecurityContext &context, host_config *hc,`
			`Errors &error)`
			`diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c`
			`index 695a0d95..617db7a2 100644`
			`--- a/src/daemon/config/isulad_config.c`
			`+++ b/src/daemon/config/isulad_config.c`
			`@@ -1757,8 +1757,10 @@ int merge_json_confs_into_global(struct service_arguments *args)`
			`args->json_confs->runtimes = tmp_json_confs->runtimes;`
			`tmp_json_confs->runtimes = NULL;`
			`#ifdef ENABLE_CRI_API_V1`
			`+#ifdef ENABLE_SANDBOXER`
			`args->json_confs->cri_sandboxers = tmp_json_confs->cri_sandboxers;`
			`tmp_json_confs->cri_sandboxers = NULL;`
			`+#endif`
			`args->json_confs->enable_cri_v1 = tmp_json_confs->enable_cri_v1;`
			`args->json_confs->enable_pod_events = tmp_json_confs->enable_pod_events;`
			`#endif`
			`diff --git a/src/daemon/sandbox/controller/CMakeLists.txt b/src/daemon/sandbox/controller/CMakeLists.txt`
			`index f846657a..8764c05b 100644`
			`--- a/src/daemon/sandbox/controller/CMakeLists.txt`
			`+++ b/src/daemon/sandbox/controller/CMakeLists.txt`
			`@@ -9,7 +9,7 @@ set(local_sandbox_controller_top_incs`
			`${CMAKE_CURRENT_SOURCE_DIR}`
			`)`

			`-if (ENABLE_SANDBOXER)`
			`+if (ENABLE_CRI_API_V1 AND ENABLE_SANDBOXER)`
			`add_subdirectory(sandboxer)`
			`list (APPEND local_sandbox_controller_top_srcs`
			`${CONTROLLER_SANDBOXER_SRCS}`
			`diff --git a/src/daemon/sandbox/controller/controller_manager.cc b/src/daemon/sandbox/controller/controller_manager.cc`
			`index 21c6f5fe..91c98d26 100644`
			`--- a/src/daemon/sandbox/controller/controller_manager.cc`
			`+++ b/src/daemon/sandbox/controller/controller_manager.cc`
			`@@ -20,7 +20,9 @@`
			`#include <isula_libutils/defs.h>`

			`#include "shim_controller.h"`
			`+#ifdef ENABLE_SANDBOXER`
			`#include "sandboxer_controller.h"`
			`+#endif`
			`#include "isulad_config.h"`
			`#include "daemon_arguments.h"`

			`@@ -44,10 +46,12 @@ bool ControllerManager::Init(Errors &error)`
			`return false;`
			`}`

			`+#ifdef ENABLE_SANDBOXER`
			`// Initialize sandboxer controller`
			`if (!RegisterAllSandboxerControllers(error)) {`
			`return false;`
			`}`
			`+#endif`
			`return true;`
			`}`

			`@@ -75,6 +79,7 @@ auto ControllerManager::RegisterShimController(Errors &error) -> bool`
			`return true;`
			`}`

			`+#ifdef ENABLE_SANDBOXER`
			`auto ControllerManager::RegisterAllSandboxerControllers(Errors &error) -> bool`
			`{`
			`std::map<std::string, std::string> config;`
			`@@ -160,6 +165,7 @@ auto ControllerManager::RegisterSandboxerController(const std::string &sandboxer`
			`INFO("Sandboxer controller initialized successfully, sandboxer: %s", sandboxer.c_str());`
			`return true;`
			`}`
			`+#endif`

			`auto ControllerManager::GetController(const std::string &name) -> std::shared_ptr<Controller>`
			`{`
			`diff --git a/src/daemon/sandbox/controller/controller_manager.h b/src/daemon/sandbox/controller/controller_manager.h`
			`index 28b52c2f..3fd547cf 100644`
			`--- a/src/daemon/sandbox/controller/controller_manager.h`
			`+++ b/src/daemon/sandbox/controller/controller_manager.h`
			`@@ -31,9 +31,11 @@ public:`
			`auto GetController(const std::string &name) -> std::shared_ptr<Controller>;`
			`private:`
			`auto RegisterShimController(Errors &error) -> bool;`
			`+#ifdef ENABLE_SANDBOXER`
			`auto RegisterAllSandboxerControllers(Errors &error) -> bool;`
			`auto LoadSandboxerControllersConfig(std::map<std::string, std::string> &config) -> bool;`
			`auto RegisterSandboxerController(const std::string &sandboxer, const std::string &address, Errors &error) -> bool;`
			`+#endif`

			`protected:`
			`std::map<std::string, std::shared_ptr<Controller>> m_controllers;`
			`--`
			`2.34.1`