summaryrefslogtreecommitdiff
path: root/0167-sandbox-del-shim_sandbox-and-change-sandbox-ops.patch
diff options
context:
space:
mode:
Diffstat (limited to '0167-sandbox-del-shim_sandbox-and-change-sandbox-ops.patch')
-rw-r--r--0167-sandbox-del-shim_sandbox-and-change-sandbox-ops.patch1167
1 files changed, 1167 insertions, 0 deletions
diff --git a/0167-sandbox-del-shim_sandbox-and-change-sandbox-ops.patch b/0167-sandbox-del-shim_sandbox-and-change-sandbox-ops.patch
new file mode 100644
index 0000000..ec48baa
--- /dev/null
+++ b/0167-sandbox-del-shim_sandbox-and-change-sandbox-ops.patch
@@ -0,0 +1,1167 @@
+From 16da66344854a75ce7a9d7908e0a75732eb147dc Mon Sep 17 00:00:00 2001
+From: liuxu <liuxu156@huawei.com>
+Date: Wed, 27 Nov 2024 15:11:57 +0800
+Subject: [PATCH 01/11] sandbox: del shim_sandbox and change sandbox ops
+
+Signed-off-by: liuxu <liuxu156@huawei.com>
+---
+ src/daemon/sandbox/sandbox.cc | 28 ++
+ src/daemon/sandbox/sandbox.h | 15 +-
+ src/daemon/sandbox/sandbox_manager.cc | 9 +-
+ src/daemon/sandbox/sandbox_ops.cc | 363 +---------------
+ .../sandbox/sandboxer/sandboxer_sandbox.cc | 401 ++++++++++++++++++
+ .../sandbox/sandboxer/sandboxer_sandbox.h | 33 +-
+ src/daemon/sandbox/shim/shim_sandbox.cc | 65 ---
+ src/daemon/sandbox/shim/shim_sandbox.h | 49 ---
+ 8 files changed, 469 insertions(+), 494 deletions(-)
+ delete mode 100644 src/daemon/sandbox/shim/shim_sandbox.cc
+ delete mode 100644 src/daemon/sandbox/shim/shim_sandbox.h
+
+diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc
+index 3715e5e0..d105d71a 100644
+--- a/src/daemon/sandbox/sandbox.cc
++++ b/src/daemon/sandbox/sandbox.cc
+@@ -1118,4 +1118,32 @@ void Sandbox::FillSandboxMetadata(sandbox_metadata* metadata, Errors &error)
+
+ metadata->sandbox_config_json = util_strdup_s(jsonStr.c_str());
+ }
++
++void Sandbox::LoadSandboxTasks()
++{
++}
++
++auto Sandbox::PrepareContainer(const char *containerId, const char *baseFs,
++ const oci_runtime_spec *ociSpec,
++ const char *consoleFifos[]) -> int
++{
++ return 0;
++}
++
++auto Sandbox::PrepareExec(const char *containerId, const char *execId,
++ defs_process *processSpec, const char *consoleFifos[]) -> int
++{
++ return 0;
++}
++
++auto Sandbox::PurgeContainer(const char *containerId) -> int
++{
++ return 0;
++}
++
++auto Sandbox::PurgeExec(const char *containerId, const char *execId) -> int
++{
++ return 0;
++}
++
+ }
+\ No newline at end of file
+diff --git a/src/daemon/sandbox/sandbox.h b/src/daemon/sandbox/sandbox.h
+index 415406ff..58d60ecb 100644
+--- a/src/daemon/sandbox/sandbox.h
++++ b/src/daemon/sandbox/sandbox.h
+@@ -141,13 +141,14 @@ public:
+ void Status(runtime::v1::PodSandboxStatus &status);
+
+ // for sandbox api update
+- virtual void LoadSandboxTasks() = 0;
+- virtual auto SaveSandboxTasks() -> bool = 0;
+- virtual auto AddSandboxTasks(sandbox_task *task) -> bool = 0;
+- virtual auto GetAnySandboxTasks() -> std::string = 0;
+- virtual void DeleteSandboxTasks(const char *containerId) = 0;
+- virtual auto AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool = 0;
+- virtual void DeleteSandboxTasksProcess(const char *containerId, const char *execId) = 0;
++ virtual void LoadSandboxTasks();
++ virtual auto PrepareContainer(const char *containerId, const char *baseFs,
++ const oci_runtime_spec *ociSpec,
++ const char *consoleFifos[]) -> int;
++ virtual auto PrepareExec(const char *containerId, const char *execId,
++ defs_process *processSpec, const char *consoleFifos[]) -> int;
++ virtual auto PurgeContainer(const char *containerId) -> int;
++ virtual auto PurgeExec(const char *containerId, const char *execId) -> int;
+
+ private:
+ auto SaveState(Errors &error) -> bool;
+diff --git a/src/daemon/sandbox/sandbox_manager.cc b/src/daemon/sandbox/sandbox_manager.cc
+index ba003d56..a7908a60 100644
+--- a/src/daemon/sandbox/sandbox_manager.cc
++++ b/src/daemon/sandbox/sandbox_manager.cc
+@@ -27,7 +27,6 @@
+ #ifdef ENABLE_SANDBOXER
+ #include "sandboxer_sandbox.h"
+ #endif
+-#include "shim_sandbox.h"
+ #include "isulad_config.h"
+ #include "utils_verify.h"
+ #include "utils_file.h"
+@@ -116,12 +115,12 @@ auto SandboxManager::CreateSandbox(const std::string &name, RuntimeInfo &info, s
+
+ #ifdef ENABLE_SANDBOXER
+ if (info.sandboxer == SHIM_CONTROLLER_NAME) {
+- sandbox = std::make_shared<ShimSandbox>(id, m_rootdir, m_statedir, name, info, netMode, netNsPath, sandboxConfig, image);
++ sandbox = std::make_shared<Sandbox>(id, m_rootdir, m_statedir, name, info, netMode, netNsPath, sandboxConfig, image);
+ } else {
+ sandbox = std::make_shared<SandboxerSandbox>(id, m_rootdir, m_statedir, name, info, netMode, netNsPath, sandboxConfig, image);
+ }
+ #else
+- sandbox = std::make_shared<ShimSandbox>(id, m_rootdir, m_statedir, name, info, netMode, netNsPath, sandboxConfig, image);
++ sandbox = std::make_shared<Sandbox>(id, m_rootdir, m_statedir, name, info, netMode, netNsPath, sandboxConfig, image);
+ #endif
+ if (sandbox == nullptr) {
+ ERROR("Failed to malloc for sandbox: %s", name.c_str());
+@@ -485,12 +484,12 @@ auto SandboxManager::LoadSandbox(std::string &id) -> std::shared_ptr<Sandbox>
+
+ #ifdef ENABLE_SANDBOXER
+ if (IsShimSandbox(id, m_rootdir)) {
+- sandbox = std::make_shared<ShimSandbox>(id, m_rootdir, m_statedir);
++ sandbox = std::make_shared<Sandbox>(id, m_rootdir, m_statedir);
+ } else {
+ sandbox = std::make_shared<SandboxerSandbox>(id, m_rootdir, m_statedir);
+ }
+ #else
+- sandbox = std::make_shared<ShimSandbox>(id, m_rootdir, m_statedir);
++ sandbox = std::make_shared<Sandbox>(id, m_rootdir, m_statedir);
+ #endif
+ if (sandbox == nullptr) {
+ ERROR("Failed to malloc for sandboxes: %s", id.c_str());
+diff --git a/src/daemon/sandbox/sandbox_ops.cc b/src/daemon/sandbox/sandbox_ops.cc
+index f50a1033..ae881933 100644
+--- a/src/daemon/sandbox/sandbox_ops.cc
++++ b/src/daemon/sandbox/sandbox_ops.cc
+@@ -24,12 +24,6 @@
+ #include "sandbox.h"
+ #include "namespace.h"
+ #include "utils.h"
+-#include "utils_timestamp.h"
+-#include "utils_array.h"
+-
+-const std::string SANDBOX_EXTENSIONS_TASKS = "extensions.tasks";
+-const std::string SANDBOX_TASKS_KEY = "tasks";
+-const std::string SANDBOX_TASKS_TYPEURL = "github.com/containerd/containerd/Tasks";
+
+ static inline bool validate_sandbox_info(const container_sandbox_info *sandbox)
+ {
+@@ -37,99 +31,6 @@ static inline bool validate_sandbox_info(const container_sandbox_info *sandbox)
+ sandbox->id != NULL);
+ }
+
+-static int generate_ctrl_rootfs(sandbox_task *task,
+- const container_config_v2_common_config *config)
+-{
+- size_t len = 1;
+- if (nullptr == config->base_fs) {
+- ERROR("Container %s has no base fs", config->id);
+- return -1;
+- }
+-
+- // TODO: rootfs's options left to be configured
+- task->rootfs = (sandbox_mount **)util_smart_calloc_s(sizeof(sandbox_mount *), len);
+- if (task->rootfs == nullptr) {
+- ERROR("Out of memory.");
+- return -1;
+- }
+- task->rootfs[0] = (sandbox_mount *)util_common_calloc_s(sizeof(sandbox_mount));
+- if (task->rootfs[0] == nullptr) {
+- ERROR("Out of memory.");
+- return -1;
+- }
+- task->rootfs_len = len;
+- task->rootfs[0]->type = util_strdup_s(MOUNT_TYPE_BIND);
+- task->rootfs[0]->source = util_strdup_s(config->base_fs);
+-
+- return 0;
+-}
+-
+-static int do_sandbox_update(std::shared_ptr<sandbox::Sandbox> &sandbox, sandbox_sandbox *apiSandbox)
+-{
+- Errors err;
+- size_t fields_len = 1;
+- __isula_auto_string_array_t string_array *fields = nullptr;
+-
+- fields = util_string_array_new(fields_len);
+- if (fields == nullptr) {
+- ERROR("Out of memory.");
+- return -1;
+- }
+- if (util_append_string_array(fields, SANDBOX_EXTENSIONS_TASKS.c_str())) {
+- ERROR("Out of memory.");
+- return -1;
+- }
+-
+- auto controller = sandbox::ControllerManager::GetInstance()->GetController(sandbox->GetSandboxer());
+- if (nullptr == controller) {
+- ERROR("Invalid sandboxer name: %s", sandbox->GetSandboxer().c_str());
+- return -1;
+- }
+-
+- if (!controller->Update(apiSandbox, fields, err)) {
+- ERROR("Failed to update in container controller update: %s", err.GetCMessage());
+- return -1;
+- }
+-
+- return 0;
+-}
+-
+-static oci_runtime_spec *clone_oci_runtime_spec(const oci_runtime_spec *oci_spec)
+-{
+- __isula_auto_free char *json_str = nullptr;
+- __isula_auto_free parser_error err = nullptr;
+- oci_runtime_spec *ret = nullptr;
+-
+- json_str = oci_runtime_spec_generate_json(oci_spec, nullptr, &err);
+- if (json_str == nullptr) {
+- ERROR("Failed to generate spec json: %s", err);
+- return nullptr;
+- }
+- ret = oci_runtime_spec_parse_data(json_str, nullptr, &err);
+- if (ret == nullptr) {
+- ERROR("Failed to generate spec: %s", err);
+- }
+- return ret;
+-}
+-
+-static defs_process *clone_defs_process(defs_process *process_spec)
+-{
+- __isula_auto_free char *json_str = nullptr;
+- __isula_auto_free parser_error err = nullptr;
+- defs_process *ret = nullptr;
+-
+- json_str = defs_process_generate_json(process_spec, nullptr, &err);
+- if (json_str == nullptr) {
+- ERROR("Failed to generate process spec json: %s", err);
+- return nullptr;
+- }
+- ret = defs_process_parse_data(json_str, nullptr, &err);
+- if (ret == nullptr) {
+- ERROR("Failed to generate process spec: %s", err);
+- }
+- return ret;
+-}
+-
+ static std::shared_ptr<sandbox::Sandbox> get_prepare_sandbox(const container_config_v2_common_config *config)
+ {
+ if (nullptr == config || nullptr == config->id) {
+@@ -151,126 +52,11 @@ static std::shared_ptr<sandbox::Sandbox> get_prepare_sandbox(const container_con
+ return sandbox;
+ }
+
+-static sandbox_sandbox_runtime *init_sandbox_runtime(std::shared_ptr<sandbox::Sandbox> sandbox)
+-{
+- sandbox_sandbox_runtime *runtime = nullptr;
+-
+- auto runtime_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox_runtime>(free_sandbox_sandbox_runtime);
+- if (runtime_wrapper == nullptr) {
+- ERROR("Out of memory");
+- return nullptr;
+- }
+- runtime = runtime_wrapper->get();
+- runtime->name = util_strdup_s(sandbox->GetRuntime().c_str());
+- // Just ignore options for now
+-
+- return runtime_wrapper->move();
+-}
+-
+-static json_map_string_string *init_sandbox_labels(std::shared_ptr<sandbox::Sandbox> sandbox)
+-{
+- json_map_string_string *labels = nullptr;
+-
+- auto labels_wrapper = makeUniquePtrCStructWrapper<json_map_string_string>(free_json_map_string_string);
+- if (labels_wrapper == nullptr) {
+- ERROR("Out of memory");
+- return nullptr;
+- }
+- labels = labels_wrapper->get();
+- if (append_json_map_string_string(labels, "name", sandbox->GetName().c_str()) != 0) {
+- ERROR("Out of memory");
+- return nullptr;
+- }
+-
+- return labels_wrapper->move();
+-}
+-
+-static defs_map_string_object_any *init_sandbox_extensions(std::shared_ptr<sandbox::Sandbox> sandbox)
+-{
+- defs_map_string_object_any *extensions = nullptr;
+- size_t len = 1;
+- std::string task_json;
+-
+- auto extensions_wrapper = makeUniquePtrCStructWrapper<defs_map_string_object_any>(free_defs_map_string_object_any);
+- if (extensions_wrapper == nullptr) {
+- ERROR("Out of memory");
+- return nullptr;
+- }
+- extensions = extensions_wrapper->get();
+- extensions->keys = (char **)util_smart_calloc_s(sizeof(char *), len);
+- if (extensions->keys == nullptr) {
+- ERROR("Out of memory.");
+- return nullptr;
+- }
+- extensions->len = len;
+- extensions->values = (defs_map_string_object_any_element **)
+- util_smart_calloc_s(sizeof(defs_map_string_object_any_element *), len);
+- if (extensions->values == nullptr) {
+- ERROR("Out of memory.");
+- return nullptr;
+- }
+- extensions->values[0] = (defs_map_string_object_any_element *)
+- util_common_calloc_s(sizeof(defs_map_string_object_any_element));
+- if (extensions->values[0] == nullptr) {
+- ERROR("Out of memory.");
+- return nullptr;
+- }
+- extensions->values[0]->element = (defs_any *)util_common_calloc_s(sizeof(defs_any));
+- if (extensions->values[0]->element == nullptr) {
+- ERROR("Out of memory.");
+- return nullptr;
+- }
+-
+- extensions->keys[0] = util_strdup_s(SANDBOX_TASKS_KEY.c_str());
+- task_json = sandbox->GetAnySandboxTasks();
+- if (task_json.empty()) {
+- ERROR("Failed to get any sandbox tasks");
+- return nullptr;
+- }
+- DEBUG("Get any sandbox tasks %s", task_json.c_str());
+- extensions->values[0]->element->type_url = util_strdup_s(SANDBOX_TASKS_TYPEURL.c_str());
+- extensions->values[0]->element->value = reinterpret_cast<uint8_t *>(util_strdup_s(task_json.c_str()));
+- extensions->values[0]->element->value_len = strlen(task_json.c_str());
+-
+- return extensions_wrapper->move();
+-}
+-
+-static int init_api_sandbox(std::shared_ptr<sandbox::Sandbox> sandbox, sandbox_sandbox *apiSandbox)
+-{
+- apiSandbox->sandbox_id = util_strdup_s(sandbox->GetId().c_str());
+- apiSandbox->runtime = init_sandbox_runtime(sandbox);
+- if (apiSandbox->runtime == nullptr) {
+- ERROR("Failed to init sandbox runtime");
+- return -1;
+- }
+- // Just ignore spec
+- apiSandbox->labels = init_sandbox_labels(sandbox);
+- if (apiSandbox->labels == nullptr) {
+- ERROR("Failed to init sandbox runtime");
+- return -1;
+- }
+- apiSandbox->created_at = sandbox->GetCreatedAt();
+- apiSandbox->updated_at = util_get_now_time_nanos();
+- apiSandbox->extensions = init_sandbox_extensions(sandbox);
+- if (apiSandbox->extensions == nullptr) {
+- ERROR("Failed to init sandbox runtime");
+- return -1;
+- }
+- apiSandbox->sandboxer = util_strdup_s(sandbox->GetSandboxer().c_str());
+-
+- return 0;
+-}
+
+ int sandbox_prepare_container(const container_config_v2_common_config *config,
+ const oci_runtime_spec *oci_spec,
+ const char * console_fifos[], bool tty)
+ {
+- sandbox_task *task = nullptr;
+- sandbox_sandbox *apiSandbox = nullptr;
+- int ret = -1;
+-
+- INFO("Prepare container for sandbox");
+-
+ if (nullptr == console_fifos) {
+ ERROR("Invlaid parameter: console_fifos");
+ return -1;
+@@ -282,67 +68,13 @@ int sandbox_prepare_container(const container_config_v2_common_config *config,
+ return -1;
+ }
+
+- auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
+- if (apiSandbox_wrapper == nullptr) {
+- ERROR("Out of memory");
+- return -1;
+- }
+- apiSandbox = apiSandbox_wrapper->get();
+- auto task_wrapper = makeUniquePtrCStructWrapper<sandbox_task>(free_sandbox_task);
+- if (task_wrapper == nullptr) {
+- ERROR("Out of memory");
+- return -1;
+- }
+- task = task_wrapper->get();
+-
+- task->task_id = util_strdup_s(config->id);
+- task->spec = clone_oci_runtime_spec(oci_spec);
+- if (task->spec == nullptr) {
+- ERROR("Out of memory.");
+- return -1;
+- }
+- if (generate_ctrl_rootfs(task, config) != 0) {
+- ERROR("Invalid rootfs");
+- return -1;
+- }
+- task->stdin = util_strdup_s((nullptr == console_fifos[0]) ? "" : console_fifos[0]);
+- task->stdout = util_strdup_s((nullptr == console_fifos[1]) ? "" : console_fifos[1]);
+- task->stderr = util_strdup_s((nullptr == console_fifos[2]) ? "" : console_fifos[2]);
+-
+- if (!sandbox->AddSandboxTasks(task)) {
+- ERROR("Failed to add sandbox %s task.", config->id);
+- return -1;
+- }
+- task = task_wrapper->move();
+- ret = init_api_sandbox(sandbox, apiSandbox);
+- if (ret != 0) {
+- ERROR("Failed to init %s api sandbox.", config->id);
+- goto del_out;
+- }
+- ret = do_sandbox_update(sandbox, apiSandbox);
+-
+-del_out:
+- if (ret != 0) {
+- sandbox->DeleteSandboxTasks(config->id);
+- }
+- if (!sandbox->SaveSandboxTasks()) {
+- ERROR("Failed to Save %s sandbox tasks.", config->id);
+- ret = -1;
+- }
+-
+- return ret;
++ return sandbox->PrepareContainer(config->id, config->base_fs, oci_spec, console_fifos);
+ }
+
+ int sandbox_prepare_exec(const container_config_v2_common_config *config,
+ const char *exec_id, defs_process *process_spec,
+ const char * console_fifos[], bool tty)
+ {
+- sandbox_process *process = nullptr;
+- sandbox_sandbox *apiSandbox = nullptr;
+- int ret = -1;
+-
+- INFO("Prepare exec for container in sandbox");
+-
+ if (nullptr == console_fifos) {
+ ERROR("Invlaid parameter: console_fifos");
+ return -1;
+@@ -354,116 +86,29 @@ int sandbox_prepare_exec(const container_config_v2_common_config *config,
+ return -1;
+ }
+
+- auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
+- if (apiSandbox_wrapper == nullptr) {
+- ERROR("Out of memory");
+- return -1;
+- }
+- apiSandbox = apiSandbox_wrapper->get();
+- auto process_wrapper = makeUniquePtrCStructWrapper<sandbox_process>(free_sandbox_process);
+- if (process_wrapper == nullptr) {
+- ERROR("Out of memory");
+- return -1;
+- }
+- process = process_wrapper->get();
+-
+- process->exec_id = util_strdup_s(exec_id);
+- process->spec = clone_defs_process(process_spec);
+- if (process->spec == nullptr) {
+- ERROR("Out of memory.");
+- return -1;
+- }
+- process->stdin = util_strdup_s((nullptr == console_fifos[0]) ? "" : console_fifos[0]);
+- process->stdout = util_strdup_s((nullptr == console_fifos[1]) ? "" : console_fifos[1]);
+- process->stderr = util_strdup_s((nullptr == console_fifos[2]) ? "" : console_fifos[2]);
+-
+- if (!sandbox->AddSandboxTasksProcess(config->id, process)) {
+- ERROR("Failed to add sandbox %s process.", config->id);
+- return -1;
+- }
+- process = process_wrapper->move();
+- ret = init_api_sandbox(sandbox, apiSandbox);
+- if (ret != 0) {
+- ERROR("Failed to init %s api sandbox.", config->id);
+- goto del_out;
+- }
+- ret = do_sandbox_update(sandbox, apiSandbox);
+-
+-del_out:
+- if (ret != 0) {
+- sandbox->DeleteSandboxTasksProcess(config->id, exec_id);
+- }
+- if (!sandbox->SaveSandboxTasks()) {
+- ERROR("Failed to Save %s sandbox tasks.", config->id);
+- ret = -1;
+- }
+-
+- return ret;
++ return sandbox->PrepareExec(config->id, exec_id, process_spec, console_fifos);
+ }
+
+ int sandbox_purge_container(const container_config_v2_common_config *config)
+ {
+- sandbox_sandbox *apiSandbox = nullptr;
+-
+- INFO("Purge container for sandbox");
+-
+ auto sandbox = get_prepare_sandbox(config);
+ if (sandbox == nullptr) {
+ ERROR("Sandbox not found");
+ return -1;
+ }
+
+- auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
+- if (apiSandbox_wrapper == nullptr) {
+- ERROR("Out of memory");
+- return -1;
+- }
+- apiSandbox = apiSandbox_wrapper->get();
+-
+- sandbox->DeleteSandboxTasks(config->id);
+- if (!sandbox->SaveSandboxTasks()) {
+- ERROR("Failed to Save %s sandbox tasks.", config->id);
+- return -1;
+- }
+-
+- if (init_api_sandbox(sandbox, apiSandbox) != 0) {
+- ERROR("Failed to init %s api sandbox.", config->id);
+- return -1;
+- }
+- return do_sandbox_update(sandbox, apiSandbox);
++ return sandbox->PurgeContainer(config->id);
+ }
+
+ int sandbox_purge_exec(const container_config_v2_common_config *config, const char *exec_id)
+ {
+- sandbox_sandbox *apiSandbox = nullptr;
+-
+- INFO("Purge exec for container in sandbox");
+-
+ auto sandbox = get_prepare_sandbox(config);
+ if (sandbox == nullptr) {
+ ERROR("Sandbox not found");
+ return -1;
+ }
+
+- auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
+- if (apiSandbox_wrapper == nullptr) {
+- ERROR("Out of memory");
+- return -1;
+- }
+- apiSandbox = apiSandbox_wrapper->get();
+-
+- sandbox->DeleteSandboxTasksProcess(config->id, exec_id);
+- if (!sandbox->SaveSandboxTasks()) {
+- ERROR("Failed to Save %s sandbox tasks.", config->id);
+- return -1;
+- }
+-
+- if (init_api_sandbox(sandbox, apiSandbox) != 0) {
+- ERROR("Failed to init %s api sandbox.", exec_id);
+- return -1;
+- }
+-
+- return do_sandbox_update(sandbox, apiSandbox);
++ return sandbox->PurgeExec(config->id, exec_id);
+ }
+
+ int sandbox_on_sandbox_exit(const char *sandbox_id, int exit_code)
+diff --git a/src/daemon/sandbox/sandboxer/sandboxer_sandbox.cc b/src/daemon/sandbox/sandboxer/sandboxer_sandbox.cc
+index 726b7b3a..b2e2fb32 100644
+--- a/src/daemon/sandbox/sandboxer/sandboxer_sandbox.cc
++++ b/src/daemon/sandbox/sandboxer/sandboxer_sandbox.cc
+@@ -23,13 +23,21 @@
+
+ #include <isula_libutils/log.h>
+ #include <isula_libutils/auto_cleanup.h>
++#include <isula_libutils/sandbox_sandbox.h>
++#include <isula_libutils/defs_process.h>
+
+ #include "utils_file.h"
+ #include "utils.h"
+ #include "cxxutils.h"
++#include "utils_timestamp.h"
++#include "utils_array.h"
+
+ namespace sandbox {
+
++const std::string SANDBOX_EXTENSIONS_TASKS = "extensions.tasks";
++const std::string SANDBOX_TASKS_KEY = "tasks";
++const std::string SANDBOX_TASKS_TYPEURL = "github.com/containerd/containerd/Tasks";
++
+ SandboxerSandbox::SandboxerSandbox(const std::string id, const std::string &rootdir, const std::string &statedir, const std::string name,
+ const RuntimeInfo info, std::string netMode, std::string netNsPath, const runtime::v1::PodSandboxConfig sandboxConfig,
+ const std::string image):Sandbox(id, rootdir, statedir, name, info, netMode,
+@@ -251,4 +259,397 @@ void SandboxerSandbox::DeleteSandboxTasksProcess(const char *containerId, const
+ iter->second->DeleteSandboxTasksProcess(execId);
+ }
+
++static oci_runtime_spec *clone_oci_runtime_spec(const oci_runtime_spec *oci_spec)
++{
++ __isula_auto_free char *json_str = nullptr;
++ __isula_auto_free parser_error err = nullptr;
++ oci_runtime_spec *ret = nullptr;
++
++ json_str = oci_runtime_spec_generate_json(oci_spec, nullptr, &err);
++ if (json_str == nullptr) {
++ ERROR("Failed to generate spec json: %s", err);
++ return nullptr;
++ }
++ ret = oci_runtime_spec_parse_data(json_str, nullptr, &err);
++ if (ret == nullptr) {
++ ERROR("Failed to generate spec: %s", err);
++ }
++ return ret;
++}
++
++static defs_process *clone_defs_process(defs_process *process_spec)
++{
++ __isula_auto_free char *json_str = nullptr;
++ __isula_auto_free parser_error err = nullptr;
++ defs_process *ret = nullptr;
++
++ json_str = defs_process_generate_json(process_spec, nullptr, &err);
++ if (json_str == nullptr) {
++ ERROR("Failed to generate process spec json: %s", err);
++ return nullptr;
++ }
++ ret = defs_process_parse_data(json_str, nullptr, &err);
++ if (ret == nullptr) {
++ ERROR("Failed to generate process spec: %s", err);
++ }
++ return ret;
++}
++
++auto SandboxerSandbox::GenerateCtrlRootfs(sandbox_task *task, const char *baseFs) -> int
++{
++ size_t len = 1;
++ if (nullptr == baseFs) {
++ ERROR("Container %s has no base fs", task->task_id);
++ return -1;
++ }
++
++ // TODO: rootfs's options left to be configured
++ task->rootfs = (sandbox_mount **)util_smart_calloc_s(sizeof(sandbox_mount *), len);
++ if (task->rootfs == nullptr) {
++ ERROR("Out of memory.");
++ return -1;
++ }
++ task->rootfs[0] = (sandbox_mount *)util_common_calloc_s(sizeof(sandbox_mount));
++ if (task->rootfs[0] == nullptr) {
++ ERROR("Out of memory.");
++ return -1;
++ }
++ task->rootfs_len = len;
++ task->rootfs[0]->type = util_strdup_s(MOUNT_TYPE_BIND);
++ task->rootfs[0]->source = util_strdup_s(baseFs);
++
++ return 0;
++}
++
++auto SandboxerSandbox::InitSandboxRuntime() -> sandbox_sandbox_runtime *
++{
++ sandbox_sandbox_runtime *runtime = nullptr;
++
++ auto runtime_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox_runtime>(free_sandbox_sandbox_runtime);
++ if (runtime_wrapper == nullptr) {
++ ERROR("Out of memory");
++ return nullptr;
++ }
++ runtime = runtime_wrapper->get();
++ runtime->name = util_strdup_s(GetRuntime().c_str());
++ // Just ignore options for now
++
++ return runtime_wrapper->move();
++}
++
++auto SandboxerSandbox::InitSandboxLabels() -> json_map_string_string *
++{
++ json_map_string_string *labels = nullptr;
++
++ auto labels_wrapper = makeUniquePtrCStructWrapper<json_map_string_string>(free_json_map_string_string);
++ if (labels_wrapper == nullptr) {
++ ERROR("Out of memory");
++ return nullptr;
++ }
++ labels = labels_wrapper->get();
++ if (append_json_map_string_string(labels, "name", GetName().c_str()) != 0) {
++ ERROR("Out of memory");
++ return nullptr;
++ }
++
++ return labels_wrapper->move();
++}
++
++auto SandboxerSandbox::InitSandboxExtensions() -> defs_map_string_object_any *
++{
++ defs_map_string_object_any *extensions = nullptr;
++ size_t len = 1;
++ std::string task_json;
++
++ auto extensions_wrapper = makeUniquePtrCStructWrapper<defs_map_string_object_any>(free_defs_map_string_object_any);
++ if (extensions_wrapper == nullptr) {
++ ERROR("Out of memory");
++ return nullptr;
++ }
++ extensions = extensions_wrapper->get();
++
++ extensions->keys = (char **)util_smart_calloc_s(sizeof(char *), len);
++ if (extensions->keys == nullptr) {
++ ERROR("Out of memory.");
++ return nullptr;
++ }
++ extensions->values = (defs_map_string_object_any_element **)
++ util_smart_calloc_s(sizeof(defs_map_string_object_any_element *), len);
++ if (extensions->values == nullptr) {
++ ERROR("Out of memory.");
++ free(extensions->keys);
++ extensions->keys = nullptr;
++ return nullptr;
++ }
++ extensions->len = len;
++
++ extensions->values[0] = (defs_map_string_object_any_element *)
++ util_common_calloc_s(sizeof(defs_map_string_object_any_element));
++ if (extensions->values[0] == nullptr) {
++ ERROR("Out of memory.");
++ return nullptr;
++ }
++ extensions->values[0]->element = (defs_any *)util_common_calloc_s(sizeof(defs_any));
++ if (extensions->values[0]->element == nullptr) {
++ ERROR("Out of memory.");
++ return nullptr;
++ }
++
++ extensions->keys[0] = util_strdup_s(SANDBOX_TASKS_KEY.c_str());
++ task_json = GetAnySandboxTasks();
++ if (task_json.empty()) {
++ ERROR("Failed to get any sandbox tasks");
++ return nullptr;
++ }
++ DEBUG("Get any sandbox tasks %s", task_json.c_str());
++ extensions->values[0]->element->type_url = util_strdup_s(SANDBOX_TASKS_TYPEURL.c_str());
++ extensions->values[0]->element->value = reinterpret_cast<uint8_t *>(util_strdup_s(task_json.c_str()));
++ extensions->values[0]->element->value_len = strlen(task_json.c_str());
++
++ return extensions_wrapper->move();
++}
++
++auto SandboxerSandbox::InitApiSandbox(sandbox_sandbox *apiSandbox) -> int
++{
++ apiSandbox->sandbox_id = util_strdup_s(GetId().c_str());
++ apiSandbox->runtime = InitSandboxRuntime();
++ if (apiSandbox->runtime == nullptr) {
++ ERROR("Failed to init sandbox runtime");
++ return -1;
++ }
++ // Just ignore spec
++ apiSandbox->labels = InitSandboxLabels();
++ if (apiSandbox->labels == nullptr) {
++ ERROR("Failed to init sandbox runtime");
++ return -1;
++ }
++ apiSandbox->created_at = GetCreatedAt();
++ apiSandbox->updated_at = util_get_now_time_nanos();
++ apiSandbox->extensions = InitSandboxExtensions();
++ if (apiSandbox->extensions == nullptr) {
++ ERROR("Failed to init sandbox runtime");
++ return -1;
++ }
++ apiSandbox->sandboxer = util_strdup_s(GetSandboxer().c_str());
++
++ return 0;
++}
++
++auto SandboxerSandbox::DoSandboxUpdate(sandbox_sandbox *apiSandbox) -> int
++{
++ Errors err;
++ size_t fields_len = 1;
++ __isula_auto_string_array_t string_array *fields = nullptr;
++
++ fields = util_string_array_new(fields_len);
++ if (fields == nullptr) {
++ ERROR("Out of memory.");
++ return -1;
++ }
++ if (util_append_string_array(fields, SANDBOX_EXTENSIONS_TASKS.c_str())) {
++ ERROR("Out of memory.");
++ return -1;
++ }
++
++ auto controller = sandbox::ControllerManager::GetInstance()->GetController(GetSandboxer());
++ if (nullptr == controller) {
++ ERROR("Invalid sandboxer name: %s", GetSandboxer().c_str());
++ return -1;
++ }
++
++ if (!controller->Update(apiSandbox, fields, err)) {
++ ERROR("Failed to update in container controller update: %s", err.GetCMessage());
++ return -1;
++ }
++
++ return 0;
++}
++
++auto SandboxerSandbox::PrepareContainer(const char *containerId, const char *baseFs,
++ const oci_runtime_spec *ociSpec,
++ const char *consoleFifos[]) -> int
++{
++ sandbox_task *task = nullptr;
++ sandbox_sandbox *apiSandbox = nullptr;
++
++ INFO("Prepare container for sandbox");
++
++ if (nullptr == consoleFifos) {
++ ERROR("Invlaid parameter: consoleFifos");
++ return -1;
++ }
++
++ auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
++ if (apiSandbox_wrapper == nullptr) {
++ ERROR("Out of memory");
++ return -1;
++ }
++ apiSandbox = apiSandbox_wrapper->get();
++ auto task_wrapper = makeUniquePtrCStructWrapper<sandbox_task>(free_sandbox_task);
++ if (task_wrapper == nullptr) {
++ ERROR("Out of memory");
++ return -1;
++ }
++ task = task_wrapper->get();
++
++ task->task_id = util_strdup_s(containerId);
++ task->spec = clone_oci_runtime_spec(ociSpec);
++ if (task->spec == nullptr) {
++ ERROR("Out of memory.");
++ return -1;
++ }
++ if (GenerateCtrlRootfs(task, baseFs) != 0) {
++ ERROR("Invalid rootfs");
++ return -1;
++ }
++ task->stdin = util_strdup_s((nullptr == consoleFifos[0]) ? "" : consoleFifos[0]);
++ task->stdout = util_strdup_s((nullptr == consoleFifos[1]) ? "" : consoleFifos[1]);
++ task->stderr = util_strdup_s((nullptr == consoleFifos[2]) ? "" : consoleFifos[2]);
++
++ if (!AddSandboxTasks(task)) {
++ ERROR("Failed to add sandbox %s task.", containerId);
++ return -1;
++ }
++ task = task_wrapper->move();
++ if (InitApiSandbox(apiSandbox) != 0) {
++ ERROR("Failed to init %s api sandbox.", containerId);
++ goto del_out;
++ }
++ if (DoSandboxUpdate(apiSandbox) != 0) {
++ ERROR("Failed to update %s api sandbox.", containerId);
++ goto del_out;
++ }
++ if (!SaveSandboxTasks()) {
++ ERROR("Failed to Save %s sandbox tasks.", containerId);
++ (void)PurgeContainer(containerId);
++ return -1;
++ }
++ return 0;
++
++del_out:
++ DeleteSandboxTasks(containerId);
++ return -1;
++}
++
++auto SandboxerSandbox::PrepareExec(const char *containerId, const char *execId,
++ defs_process *processSpec, const char *consoleFifos[]) -> int
++{
++ sandbox_process *process = nullptr;
++ sandbox_sandbox *apiSandbox = nullptr;
++
++ INFO("Prepare exec for container in sandbox");
++
++ if (nullptr == consoleFifos) {
++ ERROR("Invlaid parameter: consoleFifos");
++ return -1;
++ }
++
++ auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
++ if (apiSandbox_wrapper == nullptr) {
++ ERROR("Out of memory");
++ return -1;
++ }
++ apiSandbox = apiSandbox_wrapper->get();
++ auto process_wrapper = makeUniquePtrCStructWrapper<sandbox_process>(free_sandbox_process);
++ if (process_wrapper == nullptr) {
++ ERROR("Out of memory");
++ return -1;
++ }
++ process = process_wrapper->get();
++
++ process->exec_id = util_strdup_s(execId);
++ process->spec = clone_defs_process(processSpec);
++ if (process->spec == nullptr) {
++ ERROR("Out of memory.");
++ return -1;
++ }
++ process->stdin = util_strdup_s((nullptr == consoleFifos[0]) ? "" : consoleFifos[0]);
++ process->stdout = util_strdup_s((nullptr == consoleFifos[1]) ? "" : consoleFifos[1]);
++ process->stderr = util_strdup_s((nullptr == consoleFifos[2]) ? "" : consoleFifos[2]);
++
++ if (!AddSandboxTasksProcess(containerId, process)) {
++ ERROR("Failed to add sandbox %s process.", containerId);
++ return -1;
++ }
++ process = process_wrapper->move();
++ if (InitApiSandbox(apiSandbox) != 0) {
++ ERROR("Failed to init %s api sandbox.", containerId);
++ goto del_out;
++ }
++ if (DoSandboxUpdate(apiSandbox) != 0) {
++ ERROR("Failed to init %s api sandbox.", containerId);
++ goto del_out;
++ }
++ if (!SaveSandboxTasks()) {
++ ERROR("Failed to Save %s sandbox tasks.", containerId);
++ (void)PurgeExec(containerId, execId);
++ return -1;
++ }
++ return 0;
++
++del_out:
++ DeleteSandboxTasksProcess(containerId, execId);
++ return -1;
++}
++
++auto SandboxerSandbox::PurgeContainer(const char *containerId) -> int
++{
++ sandbox_sandbox *apiSandbox = nullptr;
++
++ INFO("Purge container for sandbox");
++
++ auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
++ if (apiSandbox_wrapper == nullptr) {
++ ERROR("Out of memory");
++ return -1;
++ }
++ apiSandbox = apiSandbox_wrapper->get();
++
++ DeleteSandboxTasks(containerId);
++
++ if (InitApiSandbox(apiSandbox) != 0) {
++ ERROR("Failed to init %s api sandbox.", containerId);
++ return -1;
++ }
++ if (DoSandboxUpdate(apiSandbox) != 0) {
++ ERROR("Failed to update %s api sandbox.", containerId);
++ return -1;
++ }
++ if (!SaveSandboxTasks()) {
++ ERROR("Failed to Save %s sandbox tasks.", containerId);
++ return -1;
++ }
++ return 0;
++}
++
++auto SandboxerSandbox::PurgeExec(const char *containerId, const char *execId) -> int
++{
++ sandbox_sandbox *apiSandbox = nullptr;
++
++ INFO("Purge exec for container in sandbox");
++
++ auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
++ if (apiSandbox_wrapper == nullptr) {
++ ERROR("Out of memory");
++ return -1;
++ }
++ apiSandbox = apiSandbox_wrapper->get();
++
++ DeleteSandboxTasksProcess(containerId, execId);
++
++ if (InitApiSandbox(apiSandbox) != 0) {
++ ERROR("Failed to init %s api sandbox.", execId);
++ return -1;
++ }
++ if (DoSandboxUpdate(apiSandbox) != 0) {
++ ERROR("Failed to update %s api sandbox.", execId);
++ return -1;
++ }
++ if (!SaveSandboxTasks()) {
++ ERROR("Failed to Save %s sandbox tasks.", containerId);
++ return -1;
++ }
++ return 0;
++}
++
+ }
+\ No newline at end of file
+diff --git a/src/daemon/sandbox/sandboxer/sandboxer_sandbox.h b/src/daemon/sandbox/sandboxer/sandboxer_sandbox.h
+index 552eb328..37a96cd6 100644
+--- a/src/daemon/sandbox/sandboxer/sandboxer_sandbox.h
++++ b/src/daemon/sandbox/sandboxer/sandboxer_sandbox.h
+@@ -33,24 +33,39 @@ public:
+ const runtime::v1::PodSandboxConfig sandboxConfig = runtime::v1::PodSandboxConfig::default_instance(),
+ const std::string image = "");
+ virtual ~SandboxerSandbox() = default;
+-
+- // for sandbox api update
+- auto GetTasksJsonPath() -> std::string;
++
+ void LoadSandboxTasks() override;
+- auto SaveSandboxTasks() -> bool override;
+- auto AddSandboxTasks(sandbox_task *task) -> bool override;
+- auto GetAnySandboxTasks() -> std::string override;
+- void DeleteSandboxTasks(const char *containerId) override;
+- auto AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool override;
+- void DeleteSandboxTasksProcess(const char *containerId, const char *execId) override;
++
++ auto PrepareContainer(const char *containerId, const char *baseFs,
++ const oci_runtime_spec *ociSpec,
++ const char *consoleFifos[]) -> int override;
++ auto PrepareExec(const char *containerId, const char *execId,
++ defs_process *processSpec, const char *consoleFifos[]) -> int override;
++ auto PurgeContainer(const char *containerId) -> int override;
++ auto PurgeExec(const char *containerId, const char *execId) -> int override;
+
+ private:
++ auto GetTasksJsonPath() -> std::string;
++ auto SaveSandboxTasks() -> bool;
++ auto AddSandboxTasks(sandbox_task *task) -> bool;
++ auto GetAnySandboxTasks() -> std::string;
++ void DeleteSandboxTasks(const char *containerId);
++ auto AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool;
++ void DeleteSandboxTasksProcess(const char *containerId, const char *execId);
++
+ auto AddTaskById(const char *task_id, sandbox_task *task) -> bool;
+ auto ReadSandboxTasksJson() -> sandbox_tasks *;
+ auto WriteSandboxTasksJson(std::string &tasks_json) -> bool;
+ auto DeleteSandboxTasksJson() -> bool;
+ void AddSandboxTasksByArray(sandbox_tasks *tasksArray);
+
++ auto GenerateCtrlRootfs(sandbox_task *task, const char *baseFs) -> int;
++ auto InitSandboxRuntime() -> sandbox_sandbox_runtime *;
++ auto InitSandboxLabels() -> json_map_string_string *;
++ auto InitSandboxExtensions() -> defs_map_string_object_any *;
++ auto InitApiSandbox(sandbox_sandbox *apiSandbox) -> int;
++ auto DoSandboxUpdate(sandbox_sandbox *apiSandbox) -> int;
++
+ private:
+ // use m_tasksMutex to ensure the correctness of the tasks
+ RWMutex m_tasksMutex;
+diff --git a/src/daemon/sandbox/shim/shim_sandbox.cc b/src/daemon/sandbox/shim/shim_sandbox.cc
+deleted file mode 100644
+index 2efb8d7c..00000000
+--- a/src/daemon/sandbox/shim/shim_sandbox.cc
++++ /dev/null
+@@ -1,65 +0,0 @@
+-/******************************************************************************
+- * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved.
+- * iSulad licensed under the Mulan PSL v2.
+- * You can use this software according to the terms and conditions of the Mulan PSL v2.
+- * You may obtain a copy of Mulan PSL v2 at:
+- * http://license.coscl.org.cn/MulanPSL2
+- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+- * PURPOSE.
+- * See the Mulan PSL v2 for more details.
+- * Author: liuxu
+- * Create: 2024-11-20
+- * Description: provide sandboxer sandbox class definition
+- *********************************************************************************/
+-#include "shim_sandbox.h"
+-
+-#include <unistd.h>
+-#include <string>
+-
+-#include <isula_libutils/log.h>
+-#include <isula_libutils/auto_cleanup.h>
+-
+-
+-namespace sandbox {
+-
+-ShimSandbox::ShimSandbox(const std::string id, const std::string &rootdir, const std::string &statedir, const std::string name,
+- const RuntimeInfo info, std::string netMode, std::string netNsPath, const runtime::v1::PodSandboxConfig sandboxConfig,
+- const std::string image):Sandbox(id, rootdir, statedir, name, info, netMode,
+- netNsPath, sandboxConfig, image)
+-{
+-}
+-
+-void ShimSandbox::LoadSandboxTasks()
+-{
+-}
+-
+-auto ShimSandbox::SaveSandboxTasks() -> bool
+-{
+- return true;
+-}
+-
+-auto ShimSandbox::AddSandboxTasks(sandbox_task *task) -> bool
+-{
+- return true;
+-}
+-
+-auto ShimSandbox::GetAnySandboxTasks() -> std::string
+-{
+- return std::string("Nothing for shim.");
+-}
+-
+-void ShimSandbox::DeleteSandboxTasks(const char *containerId)
+-{
+-}
+-
+-auto ShimSandbox::AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool
+-{
+- return true;
+-}
+-
+-void ShimSandbox::DeleteSandboxTasksProcess(const char *containerId, const char *execId)
+-{
+-}
+-
+-}
+\ No newline at end of file
+diff --git a/src/daemon/sandbox/shim/shim_sandbox.h b/src/daemon/sandbox/shim/shim_sandbox.h
+deleted file mode 100644
+index 82da0573..00000000
+--- a/src/daemon/sandbox/shim/shim_sandbox.h
++++ /dev/null
+@@ -1,49 +0,0 @@
+-/******************************************************************************
+- * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved.
+- * iSulad licensed under the Mulan PSL v2.
+- * You can use this software according to the terms and conditions of the Mulan PSL v2.
+- * You may obtain a copy of Mulan PSL v2 at:
+- * http://license.coscl.org.cn/MulanPSL2
+- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+- * PURPOSE.
+- * See the Mulan PSL v2 for more details.
+- * Author: liuxu
+- * Create: 2024-11-20
+- * Description: provide shim sandbox class definition
+- *********************************************************************************/
+-
+-#ifndef DAEMON_SANDBOX_SHIM_SANDBOX_H
+-#define DAEMON_SANDBOX_SHIM_SANDBOX_H
+-
+-#include <string>
+-#include <mutex>
+-#include <google/protobuf/map.h>
+-
+-#include "read_write_lock.h"
+-#include "sandbox_task.h"
+-#include "sandbox.h"
+-
+-namespace sandbox {
+-
+-class ShimSandbox : public Sandbox {
+-public:
+- ShimSandbox(const std::string id, const std::string &rootdir, const std::string &statedir, const std::string name = "",
+- const RuntimeInfo info = {"", "", ""}, std::string netMode = DEFAULT_NETMODE, std::string netNsPath = "",
+- const runtime::v1::PodSandboxConfig sandboxConfig = runtime::v1::PodSandboxConfig::default_instance(),
+- const std::string image = "");
+- virtual ~ShimSandbox() = default;
+-
+- // for sandbox api update
+- void LoadSandboxTasks() override;
+- auto SaveSandboxTasks() -> bool override;
+- auto AddSandboxTasks(sandbox_task *task) -> bool override;
+- auto GetAnySandboxTasks() -> std::string override;
+- void DeleteSandboxTasks(const char *containerId) override;
+- auto AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool override;
+- void DeleteSandboxTasksProcess(const char *containerId, const char *execId) override;
+-};
+-
+-} // namespace sandbox
+-
+-#endif // DAEMON_SANDBOX_SHIM_SANDBOX_H
+\ No newline at end of file
+--
+2.23.0
+
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-22 21:10:47 +0000