0070-isolate-sandboxer-code-by-using-macro.patch 5.29 KB
liuxu 提交于 2024-04-20 10:00 . upgrade from upstream
From c1d445e178cd610f8a6d9156012c6c7922eed9c5 Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Sat, 20 Apr 2024 11:24:18 +0800
Subject: [PATCH 1/2] isolate sandboxer code by using macro
Signed-off-by: xuxuepeng <xuxuepeng1@huawei.com>
---
cmake/options.cmake | 2 +-
src/daemon/common/cri/v1/v1_cri_helpers.cc | 7 +++++++
src/daemon/config/isulad_config.c | 2 ++
src/daemon/sandbox/controller/CMakeLists.txt | 2 +-
src/daemon/sandbox/controller/controller_manager.cc | 6 ++++++
src/daemon/sandbox/controller/controller_manager.h | 2 ++
6 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/cmake/options.cmake b/cmake/options.cmake
index c1eac472..a15b8194 100644
--- a/cmake/options.cmake
+++ b/cmake/options.cmake
@@ -51,7 +51,7 @@ if (ENABLE_CDI STREQUAL "ON")
endif()
endif()
-option(ENABLE_SANDBOXER "Enable sandbox API" ON)
+option(ENABLE_SANDBOXER "Enable sandbox API" OFF)
if (ENABLE_SANDBOXER STREQUAL "ON")
add_definitions(-DENABLE_SANDBOXER)
set(ENABLE_SANDBOXER 1)
diff --git a/src/daemon/common/cri/v1/v1_cri_helpers.cc b/src/daemon/common/cri/v1/v1_cri_helpers.cc
index 520d23d4..1f797ad7 100644
--- a/src/daemon/common/cri/v1/v1_cri_helpers.cc
+++ b/src/daemon/common/cri/v1/v1_cri_helpers.cc
@@ -391,6 +391,7 @@ void GetContainerSandboxID(const std::string &containerID, std::string &realCont
realContainerID = info->id;
}
+#ifdef ENABLE_SANDBOXER
std::string CRISandboxerConvert(const std::string &runtime)
{
std::string sandboxer;
@@ -429,6 +430,12 @@ out:
(void)isulad_server_conf_unlock();
return sandboxer;
}
+#else
+std::string CRISandboxerConvert(const std::string &runtime)
+{
+ return DEFAULT_SANDBOXER_NAME;
+}
+#endif
void ApplySandboxSecurityContextToHostConfig(const runtime::v1::LinuxSandboxSecurityContext &context, host_config *hc,
Errors &error)
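Review bot: The `#else` stub of CRISandboxerConvert never reads `runtime`, so builds with unused-parameter warnings enabled will flag it, and nothing tells a reader that the runtime-to-sandboxer lookup is compiled out. Add `(void)runtime;` and a comment such as `// Sandboxer support compiled out: every runtime handler maps to the default controller.` ahead of the return. The stub also relies on DEFAULT_SANDBOXER_NAME being declared when ENABLE_SANDBOXER is undefined; its declaration is not visible in this patch, so confirm it is not itself behind the same `#ifdef`.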
diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c
index 695a0d95..617db7a2 100644
--- a/src/daemon/config/isulad_config.c
+++ b/src/daemon/config/isulad_config.c
@@ -1757,8 +1757,10 @@ int merge_json_confs_into_global(struct service_arguments *args)
args->json_confs->runtimes = tmp_json_confs->runtimes;
tmp_json_confs->runtimes = NULL;
#ifdef ENABLE_CRI_API_V1
+#ifdef ENABLE_SANDBOXER
args->json_confs->cri_sandboxers = tmp_json_confs->cri_sandboxers;
tmp_json_confs->cri_sandboxers = NULL;
+#endif
args->json_confs->enable_cri_v1 = tmp_json_confs->enable_cri_v1;
args->json_confs->enable_pod_events = tmp_json_confs->enable_pod_events;
#endif
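Review bot: With ENABLE_SANDBOXER off, which this patch makes the default, a `cri_sandboxers` section parsed into tmp_json_confs is dropped here with no diagnostic, so an operator who configured a sandboxer silently gets the default controller. If a pod's isolation depends on which sandboxer handles it, that fallback should be visible in the daemon log; consider an `#else` branch with `if (tmp_json_confs->cri_sandboxers != NULL) { WARN("cri_sandboxers configured but sandboxer support is not compiled in"); }`. This assumes the field still exists in the parsed struct in such builds and that the logging macro is available in this file, neither of which the hunk shows. merge_json_confs_into_global starts and ends outside the hunk.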
diff --git a/src/daemon/sandbox/controller/CMakeLists.txt b/src/daemon/sandbox/controller/CMakeLists.txt
index f846657a..8764c05b 100644
--- a/src/daemon/sandbox/controller/CMakeLists.txt
+++ b/src/daemon/sandbox/controller/CMakeLists.txt
@@ -9,7 +9,7 @@ set(local_sandbox_controller_top_incs
${CMAKE_CURRENT_SOURCE_DIR}
)
-if (ENABLE_SANDBOXER)
+if (ENABLE_CRI_API_V1 AND ENABLE_SANDBOXER)
add_subdirectory(sandboxer)
list (APPEND local_sandbox_controller_top_srcs
${CONTROLLER_SANDBOXER_SRCS}
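Review bot: The new `ENABLE_CRI_API_V1 AND ENABLE_SANDBOXER` condition gates only the source list, while the cmake/options.cmake block shown in this patch still adds `-DENABLE_SANDBOXER` whenever the option alone is ON. With the option ON and CRI v1 off, controller_manager.cc would still take its `#ifdef ENABLE_SANDBOXER` branches and include sandboxer_controller.h although the sandboxer sources are not built, assuming that file is compiled in such a configuration. Consider rejecting the combination in options.cmake, e.g. `if (ENABLE_SANDBOXER STREQUAL "ON" AND NOT ENABLE_CRI_API_V1)` followed by `message(FATAL_ERROR "ENABLE_SANDBOXER requires ENABLE_CRI_API_V1")`, placed after both options are defined, so the macro and the source list cannot disagree. The `if` block continues past the end of this hunk.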
diff --git a/src/daemon/sandbox/controller/controller_manager.cc b/src/daemon/sandbox/controller/controller_manager.cc
index 21c6f5fe..91c98d26 100644
--- a/src/daemon/sandbox/controller/controller_manager.cc
+++ b/src/daemon/sandbox/controller/controller_manager.cc
@@ -20,7 +20,9 @@
#include <isula_libutils/defs.h>
#include "shim_controller.h"
+#ifdef ENABLE_SANDBOXER
#include "sandboxer_controller.h"
+#endif
#include "isulad_config.h"
#include "daemon_arguments.h"
@@ -44,10 +46,12 @@ bool ControllerManager::Init(Errors &error)
return false;
}
+#ifdef ENABLE_SANDBOXER
// Initialize sandboxer controller
if (!RegisterAllSandboxerControllers(error)) {
return false;
}
+#endif
return true;
}
@@ -75,6 +79,7 @@ auto ControllerManager::RegisterShimController(Errors &error) -> bool
return true;
}
+#ifdef ENABLE_SANDBOXER
auto ControllerManager::RegisterAllSandboxerControllers(Errors &error) -> bool
{
std::map<std::string, std::string> config;
@@ -160,6 +165,7 @@ auto ControllerManager::RegisterSandboxerController(const std::string &sandboxer
INFO("Sandboxer controller initialized successfully, sandboxer: %s", sandboxer.c_str());
return true;
}
+#endif
auto ControllerManager::GetController(const std::string &name) -> std::shared_ptr<Controller>
{
diff --git a/src/daemon/sandbox/controller/controller_manager.h b/src/daemon/sandbox/controller/controller_manager.h
index 28b52c2f..3fd547cf 100644
--- a/src/daemon/sandbox/controller/controller_manager.h
+++ b/src/daemon/sandbox/controller/controller_manager.h
@@ -31,9 +31,11 @@ public:
auto GetController(const std::string &name) -> std::shared_ptr<Controller>;
private:
auto RegisterShimController(Errors &error) -> bool;
+#ifdef ENABLE_SANDBOXER
auto RegisterAllSandboxerControllers(Errors &error) -> bool;
auto LoadSandboxerControllersConfig(std::map<std::string, std::string> &config) -> bool;
auto RegisterSandboxerController(const std::string &sandboxer, const std::string &address, Errors &error) -> bool;
+#endif
protected:
std::map<std::string, std::shared_ptr<Controller>> m_controllers;
--
2.34.1