From c1d445e178cd610f8a6d9156012c6c7922eed9c5 Mon Sep 17 00:00:00 2001 From: xuxuepeng Date: Sat, 20 Apr 2024 11:24:18 +0800 Subject: [PATCH 1/2] isolate sandboxer code by using macro Signed-off-by: xuxuepeng --- cmake/options.cmake | 2 +- src/daemon/common/cri/v1/v1_cri_helpers.cc | 7 +++++++ src/daemon/config/isulad_config.c | 2 ++ src/daemon/sandbox/controller/CMakeLists.txt | 2 +- src/daemon/sandbox/controller/controller_manager.cc | 6 ++++++ src/daemon/sandbox/controller/controller_manager.h | 2 ++ 6 files changed, 19 insertions(+), 2 deletions(-) diff --git a/cmake/options.cmake b/cmake/options.cmake index c1eac472..a15b8194 100644 --- a/cmake/options.cmake +++ b/cmake/options.cmake @@ -51,7 +51,7 @@ if (ENABLE_CDI STREQUAL "ON") endif() endif() -option(ENABLE_SANDBOXER "Enable sandbox API" ON) +option(ENABLE_SANDBOXER "Enable sandbox API" OFF) if (ENABLE_SANDBOXER STREQUAL "ON") add_definitions(-DENABLE_SANDBOXER) set(ENABLE_SANDBOXER 1) diff --git a/src/daemon/common/cri/v1/v1_cri_helpers.cc b/src/daemon/common/cri/v1/v1_cri_helpers.cc index 520d23d4..1f797ad7 100644 --- a/src/daemon/common/cri/v1/v1_cri_helpers.cc +++ b/src/daemon/common/cri/v1/v1_cri_helpers.cc @@ -391,6 +391,7 @@ void GetContainerSandboxID(const std::string &containerID, std::string &realCont realContainerID = info->id; } +#ifdef ENABLE_SANDBOXER std::string CRISandboxerConvert(const std::string &runtime) { std::string sandboxer; @@ -429,6 +430,12 @@ out: (void)isulad_server_conf_unlock(); return sandboxer; } +#else +std::string CRISandboxerConvert(const std::string &runtime) +{ + return DEFAULT_SANDBOXER_NAME; +} +#endif void ApplySandboxSecurityContextToHostConfig(const runtime::v1::LinuxSandboxSecurityContext &context, host_config *hc, Errors &error) diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c index 695a0d95..617db7a2 100644 --- a/src/daemon/config/isulad_config.c +++ b/src/daemon/config/isulad_config.c 
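Review bot: The `#else` stub of `CRISandboxerConvert` ignores `runtime` and returns `DEFAULT_SANDBOXER_NAME` for every handler, and because this patch also flips the `ENABLE_SANDBOXER` default to OFF in cmake/options.cmake, that stub becomes the default path. If operators map a runtime handler to a dedicated sandboxer for isolation (the lookup sits between the two hunks and is not visible here), their pods would presumably be placed with the default controller with no indication. I would state this on the stub, e.g. `// Sandboxer support compiled out: every runtime handler uses the default controller.`, and add `(void)runtime;` so the unused parameter does not trip warning-as-error builds. The same silent drop occurs in the `merge_json_confs_into_global` hunk of isulad_config.c, where a configured `cri_sandboxers` is no longer transferred; a warning there when `tmp_json_confs->cri_sandboxers != NULL` would make the mismatch visible at startup.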
@@ -1757,8 +1757,10 @@ int merge_json_confs_into_global(struct service_arguments *args) args->json_confs->runtimes = tmp_json_confs->runtimes; tmp_json_confs->runtimes = NULL; #ifdef ENABLE_CRI_API_V1 +#ifdef ENABLE_SANDBOXER args->json_confs->cri_sandboxers = tmp_json_confs->cri_sandboxers; tmp_json_confs->cri_sandboxers = NULL; +#endif args->json_confs->enable_cri_v1 = tmp_json_confs->enable_cri_v1; args->json_confs->enable_pod_events = tmp_json_confs->enable_pod_events; #endif diff --git a/src/daemon/sandbox/controller/CMakeLists.txt b/src/daemon/sandbox/controller/CMakeLists.txt index f846657a..8764c05b 100644 --- a/src/daemon/sandbox/controller/CMakeLists.txt +++ b/src/daemon/sandbox/controller/CMakeLists.txt @@ -9,7 +9,7 @@ set(local_sandbox_controller_top_incs ${CMAKE_CURRENT_SOURCE_DIR} ) -if (ENABLE_SANDBOXER) +if (ENABLE_CRI_API_V1 AND ENABLE_SANDBOXER) add_subdirectory(sandboxer) list (APPEND local_sandbox_controller_top_srcs ${CONTROLLER_SANDBOXER_SRCS} diff --git a/src/daemon/sandbox/controller/controller_manager.cc b/src/daemon/sandbox/controller/controller_manager.cc index 21c6f5fe..91c98d26 100644 --- a/src/daemon/sandbox/controller/controller_manager.cc +++ b/src/daemon/sandbox/controller/controller_manager.cc @@ -20,7 +20,9 @@ #include #include "shim_controller.h" +#ifdef ENABLE_SANDBOXER #include "sandboxer_controller.h" +#endif #include "isulad_config.h" #include "daemon_arguments.h" @@ -44,10 +46,12 @@ bool ControllerManager::Init(Errors &error) return false; } +#ifdef ENABLE_SANDBOXER // Initialize sandboxer controller if (!RegisterAllSandboxerControllers(error)) { return false; } +#endif return true; } @@ -75,6 +79,7 @@ auto ControllerManager::RegisterShimController(Errors &error) -> bool return true; } +#ifdef ENABLE_SANDBOXER auto ControllerManager::RegisterAllSandboxerControllers(Errors &error) -> bool { std::map config; 
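Review bot: The new condition `ENABLE_CRI_API_V1 AND ENABLE_SANDBOXER` in src/daemon/sandbox/controller/CMakeLists.txt does not match how the macro is defined: the options.cmake hunk calls `add_definitions(-DENABLE_SANDBOXER)` whenever the option is ON, with no CRI v1 check visible. With ENABLE_SANDBOXER=ON and ENABLE_CRI_API_V1 off, controller_manager.cc would still include `sandboxer_controller.h` and call `RegisterAllSandboxerControllers` while the `sandboxer` subdirectory is skipped, assuming that file is built in that configuration. Consider gating the definition on the same condition in options.cmake, e.g. `if (ENABLE_CRI_API_V1 AND ENABLE_SANDBOXER STREQUAL "ON")`, provided ENABLE_CRI_API_V1 is already set at that point, so the build and the source guards agree.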
@@ -160,6 +165,7 @@ auto ControllerManager::RegisterSandboxerController(const std::string &sandboxer INFO("Sandboxer controller initialized successfully, sandboxer: %s", sandboxer.c_str()); return true; } +#endif auto ControllerManager::GetController(const std::string &name) -> std::shared_ptr { diff --git a/src/daemon/sandbox/controller/controller_manager.h b/src/daemon/sandbox/controller/controller_manager.h index 28b52c2f..3fd547cf 100644 --- a/src/daemon/sandbox/controller/controller_manager.h +++ b/src/daemon/sandbox/controller/controller_manager.h @@ -31,9 +31,11 @@ public: auto GetController(const std::string &name) -> std::shared_ptr; private: auto RegisterShimController(Errors &error) -> bool; +#ifdef ENABLE_SANDBOXER auto RegisterAllSandboxerControllers(Errors &error) -> bool; auto LoadSandboxerControllersConfig(std::map &config) -> bool; auto RegisterSandboxerController(const std::string &sandboxer, const std::string &address, Errors &error) -> bool; +#endif protected: std::map> m_controllers; -- 2.34.1
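Review bot: The bare `#endif` added after `RegisterSandboxerController` closes an `#ifdef ENABLE_SANDBOXER` opened roughly 85 lines earlier, in the previous hunk, so a reader at this point cannot tell which guard ends here. I would write it as `#endif // ENABLE_SANDBOXER`. The same applies to the guard around the three private declarations in controller_manager.h. The guarded function bodies run outside the hunks shown.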