From 16da66344854a75ce7a9d7908e0a75732eb147dc Mon Sep 17 00:00:00 2001 From: liuxu Date: Wed, 27 Nov 2024 15:11:57 +0800 Subject: [PATCH 01/11] sandbox: del shim_sandbox and change sandbox ops Signed-off-by: liuxu --- src/daemon/sandbox/sandbox.cc | 28 ++ src/daemon/sandbox/sandbox.h | 15 +- src/daemon/sandbox/sandbox_manager.cc | 9 +- src/daemon/sandbox/sandbox_ops.cc | 363 +--------------- .../sandbox/sandboxer/sandboxer_sandbox.cc | 401 ++++++++++++++++++ .../sandbox/sandboxer/sandboxer_sandbox.h | 33 +- src/daemon/sandbox/shim/shim_sandbox.cc | 65 --- src/daemon/sandbox/shim/shim_sandbox.h | 49 --- 8 files changed, 469 insertions(+), 494 deletions(-) delete mode 100644 src/daemon/sandbox/shim/shim_sandbox.cc delete mode 100644 src/daemon/sandbox/shim/shim_sandbox.h diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc index 3715e5e0..d105d71a 100644 --- a/src/daemon/sandbox/sandbox.cc +++ b/src/daemon/sandbox/sandbox.cc @@ -1118,4 +1118,32 @@ void Sandbox::FillSandboxMetadata(sandbox_metadata* metadata, Errors &error) metadata->sandbox_config_json = util_strdup_s(jsonStr.c_str()); } + +void Sandbox::LoadSandboxTasks() +{ +} + +auto Sandbox::PrepareContainer(const char *containerId, const char *baseFs, + const oci_runtime_spec *ociSpec, + const char *consoleFifos[]) -> int +{ + return 0; +} + +auto Sandbox::PrepareExec(const char *containerId, const char *execId, + defs_process *processSpec, const char *consoleFifos[]) -> int +{ + return 0; +} + +auto Sandbox::PurgeContainer(const char *containerId) -> int +{ + return 0; +} + +auto Sandbox::PurgeExec(const char *containerId, const char *execId) -> int +{ + return 0; +} + } \ No newline at end of file diff --git a/src/daemon/sandbox/sandbox.h b/src/daemon/sandbox/sandbox.h index 415406ff..58d60ecb 100644 --- a/src/daemon/sandbox/sandbox.h +++ b/src/daemon/sandbox/sandbox.h @@ -141,13 +141,14 @@ public: void Status(runtime::v1::PodSandboxStatus &status); // for sandbox api update - virtual void LoadSandboxTasks() = 0; - virtual auto SaveSandboxTasks() -> bool = 0; - virtual auto AddSandboxTasks(sandbox_task *task) -> bool = 0; - virtual auto GetAnySandboxTasks() -> std::string = 0; - virtual void DeleteSandboxTasks(const char *containerId) = 0; - virtual auto AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool = 0; - virtual void DeleteSandboxTasksProcess(const char *containerId, const char *execId) = 0; + virtual void LoadSandboxTasks(); + virtual auto PrepareContainer(const char *containerId, const char *baseFs, + const oci_runtime_spec *ociSpec, + const char *consoleFifos[]) -> int; + virtual auto PrepareExec(const char *containerId, const char *execId, + defs_process *processSpec, const char *consoleFifos[]) -> int; + virtual auto PurgeContainer(const char *containerId) -> int; + virtual auto PurgeExec(const char *containerId, const char *execId) -> int; private: auto SaveState(Errors &error) -> bool; diff --git a/src/daemon/sandbox/sandbox_manager.cc b/src/daemon/sandbox/sandbox_manager.cc index ba003d56..a7908a60 100644 --- a/src/daemon/sandbox/sandbox_manager.cc +++ b/src/daemon/sandbox/sandbox_manager.cc @@ -27,7 +27,6 @@ #ifdef ENABLE_SANDBOXER #include "sandboxer_sandbox.h" #endif -#include "shim_sandbox.h" #include "isulad_config.h" #include "utils_verify.h" #include "utils_file.h" @@ -116,12 +115,12 @@ auto SandboxManager::CreateSandbox(const std::string &name, RuntimeInfo &info, s #ifdef ENABLE_SANDBOXER if (info.sandboxer == SHIM_CONTROLLER_NAME) { - sandbox = std::make_shared(id, m_rootdir, m_statedir, name, info, netMode, netNsPath, sandboxConfig, image); + sandbox = std::make_shared(id, m_rootdir, m_statedir, name, info, netMode, netNsPath, sandboxConfig, image); } else { sandbox = std::make_shared(id, m_rootdir, m_statedir, name, info, netMode, netNsPath, sandboxConfig, image); } #else - sandbox = std::make_shared(id, m_rootdir, m_statedir, name, info, netMode, netNsPath, sandboxConfig, image); + sandbox = std::make_shared(id, m_rootdir, m_statedir, name, info, netMode, netNsPath, sandboxConfig, image); #endif if (sandbox == nullptr) { ERROR("Failed to malloc for sandbox: %s", name.c_str()); @@ -485,12 +484,12 @@ auto SandboxManager::LoadSandbox(std::string &id) -> std::shared_ptr #ifdef ENABLE_SANDBOXER if (IsShimSandbox(id, m_rootdir)) { - sandbox = std::make_shared(id, m_rootdir, m_statedir); + sandbox = std::make_shared(id, m_rootdir, m_statedir); } else { sandbox = std::make_shared(id, m_rootdir, m_statedir); } #else - sandbox = std::make_shared(id, m_rootdir, m_statedir); + sandbox = std::make_shared(id, m_rootdir, m_statedir); #endif if (sandbox == nullptr) { ERROR("Failed to malloc for sandboxes: %s", id.c_str()); diff --git a/src/daemon/sandbox/sandbox_ops.cc b/src/daemon/sandbox/sandbox_ops.cc index f50a1033..ae881933 100644 --- a/src/daemon/sandbox/sandbox_ops.cc +++ b/src/daemon/sandbox/sandbox_ops.cc @@ -24,12 +24,6 @@ #include "sandbox.h" #include "namespace.h" #include "utils.h" -#include "utils_timestamp.h" -#include "utils_array.h" - -const std::string SANDBOX_EXTENSIONS_TASKS = "extensions.tasks"; -const std::string SANDBOX_TASKS_KEY = "tasks"; -const std::string SANDBOX_TASKS_TYPEURL = "github.com/containerd/containerd/Tasks"; static inline bool validate_sandbox_info(const container_sandbox_info *sandbox) { @@ -37,99 +31,6 @@ static inline bool validate_sandbox_info(const container_sandbox_info *sandbox) sandbox->id != NULL); } -static int generate_ctrl_rootfs(sandbox_task *task, - const container_config_v2_common_config *config) -{ - size_t len = 1; - if (nullptr == config->base_fs) { - ERROR("Container %s has no base fs", config->id); - return -1; - } - - // TODO: rootfs's options left to be configured - task->rootfs = (sandbox_mount **)util_smart_calloc_s(sizeof(sandbox_mount *), len); - if (task->rootfs == nullptr) { - ERROR("Out of memory."); - return -1; - } - task->rootfs[0] = (sandbox_mount *)util_common_calloc_s(sizeof(sandbox_mount)); - if (task->rootfs[0] == nullptr) { - ERROR("Out of memory."); - return -1; - } - task->rootfs_len = len; - task->rootfs[0]->type = util_strdup_s(MOUNT_TYPE_BIND); - task->rootfs[0]->source = util_strdup_s(config->base_fs); - - return 0; -} - -static int do_sandbox_update(std::shared_ptr &sandbox, sandbox_sandbox *apiSandbox) -{ - Errors err; - size_t fields_len = 1; - __isula_auto_string_array_t string_array *fields = nullptr; - - fields = util_string_array_new(fields_len); - if (fields == nullptr) { - ERROR("Out of memory."); - return -1; - } - if (util_append_string_array(fields, SANDBOX_EXTENSIONS_TASKS.c_str())) { - ERROR("Out of memory."); - return -1; - } - - auto controller = sandbox::ControllerManager::GetInstance()->GetController(sandbox->GetSandboxer()); - if (nullptr == controller) { - ERROR("Invalid sandboxer name: %s", sandbox->GetSandboxer().c_str()); - return -1; - } - - if (!controller->Update(apiSandbox, fields, err)) { - ERROR("Failed to update in container controller update: %s", err.GetCMessage()); - return -1; - } - - return 0; -} - -static oci_runtime_spec *clone_oci_runtime_spec(const oci_runtime_spec *oci_spec) -{ - __isula_auto_free char *json_str = nullptr; - __isula_auto_free parser_error err = nullptr; - oci_runtime_spec *ret = nullptr; - - json_str = oci_runtime_spec_generate_json(oci_spec, nullptr, &err); - if (json_str == nullptr) { - ERROR("Failed to generate spec json: %s", err); - return nullptr; - } - ret = oci_runtime_spec_parse_data(json_str, nullptr, &err); - if (ret == nullptr) { - ERROR("Failed to generate spec: %s", err); - } - return ret; -} - -static defs_process *clone_defs_process(defs_process *process_spec) -{ - __isula_auto_free char *json_str = nullptr; - __isula_auto_free parser_error err = nullptr; - defs_process *ret = nullptr; - - json_str = defs_process_generate_json(process_spec, nullptr, &err); - if (json_str == nullptr) { - ERROR("Failed to generate process spec json: %s", err); - return nullptr; - } - ret = defs_process_parse_data(json_str, nullptr, &err); - if (ret == nullptr) { - ERROR("Failed to generate process spec: %s", err); - } - return ret; -} - static std::shared_ptr get_prepare_sandbox(const container_config_v2_common_config *config) { if (nullptr == config || nullptr == config->id) { @@ -151,126 +52,11 @@ static std::shared_ptr get_prepare_sandbox(const container_con return sandbox; } -static sandbox_sandbox_runtime *init_sandbox_runtime(std::shared_ptr sandbox) -{ - sandbox_sandbox_runtime *runtime = nullptr; - - auto runtime_wrapper = makeUniquePtrCStructWrapper(free_sandbox_sandbox_runtime); - if (runtime_wrapper == nullptr) { - ERROR("Out of memory"); - return nullptr; - } - runtime = runtime_wrapper->get(); - runtime->name = util_strdup_s(sandbox->GetRuntime().c_str()); - // Just ignore options for now - - return runtime_wrapper->move(); -} - -static json_map_string_string *init_sandbox_labels(std::shared_ptr sandbox) -{ - json_map_string_string *labels = nullptr; - - auto labels_wrapper = makeUniquePtrCStructWrapper(free_json_map_string_string); - if (labels_wrapper == nullptr) { - ERROR("Out of memory"); - return nullptr; - } - labels = labels_wrapper->get(); - if (append_json_map_string_string(labels, "name", sandbox->GetName().c_str()) != 0) { - ERROR("Out of memory"); - return nullptr; - } - - return labels_wrapper->move(); -} - -static defs_map_string_object_any *init_sandbox_extensions(std::shared_ptr sandbox) -{ - defs_map_string_object_any *extensions = nullptr; - size_t len = 1; - std::string task_json; - - auto extensions_wrapper = makeUniquePtrCStructWrapper(free_defs_map_string_object_any); - if (extensions_wrapper == nullptr) { - ERROR("Out of memory"); - return nullptr; - } - extensions = extensions_wrapper->get(); - extensions->keys = (char **)util_smart_calloc_s(sizeof(char *), len); - if (extensions->keys == nullptr) { - ERROR("Out of memory."); - return nullptr; - } - extensions->len = len; - extensions->values = (defs_map_string_object_any_element **) - util_smart_calloc_s(sizeof(defs_map_string_object_any_element *), len); - if (extensions->values == nullptr) { - ERROR("Out of memory."); - return nullptr; - } - extensions->values[0] = (defs_map_string_object_any_element *) - util_common_calloc_s(sizeof(defs_map_string_object_any_element)); - if (extensions->values[0] == nullptr) { - ERROR("Out of memory."); - return nullptr; - } - extensions->values[0]->element = (defs_any *)util_common_calloc_s(sizeof(defs_any)); - if (extensions->values[0]->element == nullptr) { - ERROR("Out of memory."); - return nullptr; - } - - extensions->keys[0] = util_strdup_s(SANDBOX_TASKS_KEY.c_str()); - task_json = sandbox->GetAnySandboxTasks(); - if (task_json.empty()) { - ERROR("Failed to get any sandbox tasks"); - return nullptr; - } - DEBUG("Get any sandbox tasks %s", task_json.c_str()); - extensions->values[0]->element->type_url = util_strdup_s(SANDBOX_TASKS_TYPEURL.c_str()); - extensions->values[0]->element->value = reinterpret_cast(util_strdup_s(task_json.c_str())); - extensions->values[0]->element->value_len = strlen(task_json.c_str()); - - return extensions_wrapper->move(); -} - -static int init_api_sandbox(std::shared_ptr sandbox, sandbox_sandbox *apiSandbox) -{ - apiSandbox->sandbox_id = util_strdup_s(sandbox->GetId().c_str()); - apiSandbox->runtime = init_sandbox_runtime(sandbox); - if (apiSandbox->runtime == nullptr) { - ERROR("Failed to init sandbox runtime"); - return -1; - } - // Just ignore spec - apiSandbox->labels = init_sandbox_labels(sandbox); - if (apiSandbox->labels == nullptr) { - ERROR("Failed to init sandbox runtime"); - return -1; - } - apiSandbox->created_at = sandbox->GetCreatedAt(); - apiSandbox->updated_at = util_get_now_time_nanos(); - apiSandbox->extensions = init_sandbox_extensions(sandbox); - if (apiSandbox->extensions == nullptr) { - ERROR("Failed to init sandbox runtime"); - return -1; - } - apiSandbox->sandboxer = util_strdup_s(sandbox->GetSandboxer().c_str()); - - return 0; -} int sandbox_prepare_container(const container_config_v2_common_config *config, const oci_runtime_spec *oci_spec, const char * console_fifos[], bool tty) { - sandbox_task *task = nullptr; - sandbox_sandbox *apiSandbox = nullptr; - int ret = -1; - - INFO("Prepare container for sandbox"); - if (nullptr == console_fifos) { ERROR("Invlaid parameter: console_fifos"); return -1; @@ -282,67 +68,13 @@ int sandbox_prepare_container(const container_config_v2_common_config *config, return -1; } - auto apiSandbox_wrapper = makeUniquePtrCStructWrapper(free_sandbox_sandbox); - if (apiSandbox_wrapper == nullptr) { - ERROR("Out of memory"); - return -1; - } - apiSandbox = apiSandbox_wrapper->get(); - auto task_wrapper = makeUniquePtrCStructWrapper(free_sandbox_task); - if (task_wrapper == nullptr) { - ERROR("Out of memory"); - return -1; - } - task = task_wrapper->get(); - - task->task_id = util_strdup_s(config->id); - task->spec = clone_oci_runtime_spec(oci_spec); - if (task->spec == nullptr) { - ERROR("Out of memory."); - return -1; - } - if (generate_ctrl_rootfs(task, config) != 0) { - ERROR("Invalid rootfs"); - return -1; - } - task->stdin = util_strdup_s((nullptr == console_fifos[0]) ? "" : console_fifos[0]); - task->stdout = util_strdup_s((nullptr == console_fifos[1]) ? "" : console_fifos[1]); - task->stderr = util_strdup_s((nullptr == console_fifos[2]) ? "" : console_fifos[2]); - - if (!sandbox->AddSandboxTasks(task)) { - ERROR("Failed to add sandbox %s task.", config->id); - return -1; - } - task = task_wrapper->move(); - ret = init_api_sandbox(sandbox, apiSandbox); - if (ret != 0) { - ERROR("Failed to init %s api sandbox.", config->id); - goto del_out; - } - ret = do_sandbox_update(sandbox, apiSandbox); - -del_out: - if (ret != 0) { - sandbox->DeleteSandboxTasks(config->id); - } - if (!sandbox->SaveSandboxTasks()) { - ERROR("Failed to Save %s sandbox tasks.", config->id); - ret = -1; - } - - return ret; + return sandbox->PrepareContainer(config->id, config->base_fs, oci_spec, console_fifos); } int sandbox_prepare_exec(const container_config_v2_common_config *config, const char *exec_id, defs_process *process_spec, const char * console_fifos[], bool tty) { - sandbox_process *process = nullptr; - sandbox_sandbox *apiSandbox = nullptr; - int ret = -1; - - INFO("Prepare exec for container in sandbox"); - if (nullptr == console_fifos) { ERROR("Invlaid parameter: console_fifos"); return -1; @@ -354,116 +86,29 @@ int sandbox_prepare_exec(const container_config_v2_common_config *config, return -1; } - auto apiSandbox_wrapper = makeUniquePtrCStructWrapper(free_sandbox_sandbox); - if (apiSandbox_wrapper == nullptr) { - ERROR("Out of memory"); - return -1; - } - apiSandbox = apiSandbox_wrapper->get(); - auto process_wrapper = makeUniquePtrCStructWrapper(free_sandbox_process); - if (process_wrapper == nullptr) { - ERROR("Out of memory"); - return -1; - } - process = process_wrapper->get(); - - process->exec_id = util_strdup_s(exec_id); - process->spec = clone_defs_process(process_spec); - if (process->spec == nullptr) { - ERROR("Out of memory."); - return -1; - } - process->stdin = util_strdup_s((nullptr == console_fifos[0]) ? "" : console_fifos[0]); - process->stdout = util_strdup_s((nullptr == console_fifos[1]) ? "" : console_fifos[1]); - process->stderr = util_strdup_s((nullptr == console_fifos[2]) ? "" : console_fifos[2]); - - if (!sandbox->AddSandboxTasksProcess(config->id, process)) { - ERROR("Failed to add sandbox %s process.", config->id); - return -1; - } - process = process_wrapper->move(); - ret = init_api_sandbox(sandbox, apiSandbox); - if (ret != 0) { - ERROR("Failed to init %s api sandbox.", config->id); - goto del_out; - } - ret = do_sandbox_update(sandbox, apiSandbox); - -del_out: - if (ret != 0) { - sandbox->DeleteSandboxTasksProcess(config->id, exec_id); - } - if (!sandbox->SaveSandboxTasks()) { - ERROR("Failed to Save %s sandbox tasks.", config->id); - ret = -1; - } - - return ret; + return sandbox->PrepareExec(config->id, exec_id, process_spec, console_fifos); } int sandbox_purge_container(const container_config_v2_common_config *config) { - sandbox_sandbox *apiSandbox = nullptr; - - INFO("Purge container for sandbox"); - auto sandbox = get_prepare_sandbox(config); if (sandbox == nullptr) { ERROR("Sandbox not found"); return -1; } - auto apiSandbox_wrapper = makeUniquePtrCStructWrapper(free_sandbox_sandbox); - if (apiSandbox_wrapper == nullptr) { - ERROR("Out of memory"); - return -1; - } - apiSandbox = apiSandbox_wrapper->get(); - - sandbox->DeleteSandboxTasks(config->id); - if (!sandbox->SaveSandboxTasks()) { - ERROR("Failed to Save %s sandbox tasks.", config->id); - return -1; - } - - if (init_api_sandbox(sandbox, apiSandbox) != 0) { - ERROR("Failed to init %s api sandbox.", config->id); - return -1; - } - return do_sandbox_update(sandbox, apiSandbox); + return sandbox->PurgeContainer(config->id); } int sandbox_purge_exec(const container_config_v2_common_config *config, const char *exec_id) { - sandbox_sandbox *apiSandbox = nullptr; - - INFO("Purge exec for container in sandbox"); - auto sandbox = get_prepare_sandbox(config); if (sandbox == nullptr) { ERROR("Sandbox not found"); return -1; } - auto apiSandbox_wrapper = makeUniquePtrCStructWrapper(free_sandbox_sandbox); - if (apiSandbox_wrapper == nullptr) { - ERROR("Out of memory"); - return -1; - } - apiSandbox = apiSandbox_wrapper->get(); - - sandbox->DeleteSandboxTasksProcess(config->id, exec_id); - if (!sandbox->SaveSandboxTasks()) { - ERROR("Failed to Save %s sandbox tasks.", config->id); - return -1; - } - - if (init_api_sandbox(sandbox, apiSandbox) != 0) { - ERROR("Failed to init %s api sandbox.", exec_id); - return -1; - } - - return do_sandbox_update(sandbox, apiSandbox); + return sandbox->PurgeExec(config->id, exec_id); } int sandbox_on_sandbox_exit(const char *sandbox_id, int exit_code) diff --git a/src/daemon/sandbox/sandboxer/sandboxer_sandbox.cc b/src/daemon/sandbox/sandboxer/sandboxer_sandbox.cc index 726b7b3a..b2e2fb32 100644 --- a/src/daemon/sandbox/sandboxer/sandboxer_sandbox.cc +++ b/src/daemon/sandbox/sandboxer/sandboxer_sandbox.cc @@ -23,13 +23,21 @@ #include #include +#include +#include #include "utils_file.h" #include "utils.h" #include "cxxutils.h" +#include "utils_timestamp.h" +#include "utils_array.h" namespace sandbox { +const std::string SANDBOX_EXTENSIONS_TASKS = "extensions.tasks"; +const std::string SANDBOX_TASKS_KEY = "tasks"; +const std::string SANDBOX_TASKS_TYPEURL = "github.com/containerd/containerd/Tasks"; + SandboxerSandbox::SandboxerSandbox(const std::string id, const std::string &rootdir, const std::string &statedir, const std::string name, const RuntimeInfo info, std::string netMode, std::string netNsPath, const runtime::v1::PodSandboxConfig sandboxConfig, const std::string image):Sandbox(id, rootdir, statedir, name, info, netMode, @@ -251,4 +259,397 @@ void SandboxerSandbox::DeleteSandboxTasksProcess(const char *containerId, const iter->second->DeleteSandboxTasksProcess(execId); } +static oci_runtime_spec *clone_oci_runtime_spec(const oci_runtime_spec *oci_spec) +{ + __isula_auto_free char *json_str = nullptr; + __isula_auto_free parser_error err = nullptr; + oci_runtime_spec *ret = nullptr; + + json_str = oci_runtime_spec_generate_json(oci_spec, nullptr, &err); + if (json_str == nullptr) { + ERROR("Failed to generate spec json: %s", err); + return nullptr; + } + ret = oci_runtime_spec_parse_data(json_str, nullptr, &err); + if (ret == nullptr) { + ERROR("Failed to generate spec: %s", err); + } + return ret; +} + +static defs_process *clone_defs_process(defs_process *process_spec) +{ + __isula_auto_free char *json_str = nullptr; + __isula_auto_free parser_error err = nullptr; + defs_process *ret = nullptr; + + json_str = defs_process_generate_json(process_spec, nullptr, &err); + if (json_str == nullptr) { + ERROR("Failed to generate process spec json: %s", err); + return nullptr; + } + ret = defs_process_parse_data(json_str, nullptr, &err); + if (ret == nullptr) { + ERROR("Failed to generate process spec: %s", err); + } + return ret; +} + +auto SandboxerSandbox::GenerateCtrlRootfs(sandbox_task *task, const char *baseFs) -> int +{ + size_t len = 1; + if (nullptr == baseFs) { + ERROR("Container %s has no base fs", task->task_id); + return -1; + } + + // TODO: rootfs's options left to be configured + task->rootfs = (sandbox_mount **)util_smart_calloc_s(sizeof(sandbox_mount *), len); + if (task->rootfs == nullptr) { + ERROR("Out of memory."); + return -1; + } + task->rootfs[0] = (sandbox_mount *)util_common_calloc_s(sizeof(sandbox_mount)); + if (task->rootfs[0] == nullptr) { + ERROR("Out of memory."); + return -1; + } + task->rootfs_len = len; + task->rootfs[0]->type = util_strdup_s(MOUNT_TYPE_BIND); + task->rootfs[0]->source = util_strdup_s(baseFs); + + return 0; +} + +auto SandboxerSandbox::InitSandboxRuntime() -> sandbox_sandbox_runtime * +{ + sandbox_sandbox_runtime *runtime = nullptr; + + auto runtime_wrapper = makeUniquePtrCStructWrapper(free_sandbox_sandbox_runtime); + if (runtime_wrapper == nullptr) { + ERROR("Out of memory"); + return nullptr; + } + runtime = runtime_wrapper->get(); + runtime->name = util_strdup_s(GetRuntime().c_str()); + // Just ignore options for now + + return runtime_wrapper->move(); +} + +auto SandboxerSandbox::InitSandboxLabels() -> json_map_string_string * +{ + json_map_string_string *labels = nullptr; + + auto labels_wrapper = makeUniquePtrCStructWrapper(free_json_map_string_string); + if (labels_wrapper == nullptr) { + ERROR("Out of memory"); + return nullptr; + } + labels = labels_wrapper->get(); + if (append_json_map_string_string(labels, "name", GetName().c_str()) != 0) { + ERROR("Out of memory"); + return nullptr; + } + + return labels_wrapper->move(); +} + +auto SandboxerSandbox::InitSandboxExtensions() -> defs_map_string_object_any * +{ + defs_map_string_object_any *extensions = nullptr; + size_t len = 1; + std::string task_json; + + auto extensions_wrapper = makeUniquePtrCStructWrapper(free_defs_map_string_object_any); + if (extensions_wrapper == nullptr) { + ERROR("Out of memory"); + return nullptr; + } + extensions = extensions_wrapper->get(); + + extensions->keys = (char **)util_smart_calloc_s(sizeof(char *), len); + if (extensions->keys == nullptr) { + ERROR("Out of memory."); + return nullptr; + } + extensions->values = (defs_map_string_object_any_element **) + util_smart_calloc_s(sizeof(defs_map_string_object_any_element *), len); + if (extensions->values == nullptr) { + ERROR("Out of memory."); + free(extensions->keys); + extensions->keys = nullptr; + return nullptr; + } + extensions->len = len; + + extensions->values[0] = (defs_map_string_object_any_element *) + util_common_calloc_s(sizeof(defs_map_string_object_any_element)); + if (extensions->values[0] == nullptr) { + ERROR("Out of memory."); + return nullptr; + } + extensions->values[0]->element = (defs_any *)util_common_calloc_s(sizeof(defs_any)); + if (extensions->values[0]->element == nullptr) { + ERROR("Out of memory."); + return nullptr; + } + + extensions->keys[0] = util_strdup_s(SANDBOX_TASKS_KEY.c_str()); + task_json = GetAnySandboxTasks(); + if (task_json.empty()) { + ERROR("Failed to get any sandbox tasks"); + return nullptr; + } + DEBUG("Get any sandbox tasks %s", task_json.c_str()); + extensions->values[0]->element->type_url = util_strdup_s(SANDBOX_TASKS_TYPEURL.c_str()); + extensions->values[0]->element->value = reinterpret_cast(util_strdup_s(task_json.c_str())); + extensions->values[0]->element->value_len = strlen(task_json.c_str()); + + return extensions_wrapper->move(); +} + +auto SandboxerSandbox::InitApiSandbox(sandbox_sandbox *apiSandbox) -> int +{ + apiSandbox->sandbox_id = util_strdup_s(GetId().c_str()); + apiSandbox->runtime = InitSandboxRuntime(); + if (apiSandbox->runtime == nullptr) { + ERROR("Failed to init sandbox runtime"); + return -1; + } + // Just ignore spec + apiSandbox->labels = InitSandboxLabels(); + if (apiSandbox->labels == nullptr) { + ERROR("Failed to init sandbox runtime"); + return -1; + } + apiSandbox->created_at = GetCreatedAt(); + apiSandbox->updated_at = util_get_now_time_nanos(); + apiSandbox->extensions = InitSandboxExtensions(); + if (apiSandbox->extensions == nullptr) { + ERROR("Failed to init sandbox runtime"); + return -1; + } + apiSandbox->sandboxer = util_strdup_s(GetSandboxer().c_str()); + + return 0; +} + +auto SandboxerSandbox::DoSandboxUpdate(sandbox_sandbox *apiSandbox) -> int +{ + Errors err; + size_t fields_len = 1; + __isula_auto_string_array_t string_array *fields = nullptr; + + fields = util_string_array_new(fields_len); + if (fields == nullptr) { + ERROR("Out of memory."); + return -1; + } + if (util_append_string_array(fields, SANDBOX_EXTENSIONS_TASKS.c_str())) { + ERROR("Out of memory."); + return -1; + } + + auto controller = sandbox::ControllerManager::GetInstance()->GetController(GetSandboxer()); + if (nullptr == controller) { + ERROR("Invalid sandboxer name: %s", GetSandboxer().c_str()); + return -1; + } + + if (!controller->Update(apiSandbox, fields, err)) { + ERROR("Failed to update in container controller update: %s", err.GetCMessage()); + return -1; + } + + return 0; +} + +auto SandboxerSandbox::PrepareContainer(const char *containerId, const char *baseFs, + const oci_runtime_spec *ociSpec, + const char *consoleFifos[]) -> int +{ + sandbox_task *task = nullptr; + sandbox_sandbox *apiSandbox = nullptr; + + INFO("Prepare container for sandbox"); + + if (nullptr == consoleFifos) { + ERROR("Invlaid parameter: consoleFifos"); + return -1; + } + + auto apiSandbox_wrapper = makeUniquePtrCStructWrapper(free_sandbox_sandbox); + if (apiSandbox_wrapper == nullptr) { + ERROR("Out of memory"); + return -1; + } + apiSandbox = apiSandbox_wrapper->get(); + auto task_wrapper = makeUniquePtrCStructWrapper(free_sandbox_task); + if (task_wrapper == nullptr) { + ERROR("Out of memory"); + return -1; + } + task = task_wrapper->get(); + + task->task_id = util_strdup_s(containerId); + task->spec = clone_oci_runtime_spec(ociSpec); + if (task->spec == nullptr) { + ERROR("Out of memory."); + return -1; + } + if (GenerateCtrlRootfs(task, baseFs) != 0) { + ERROR("Invalid rootfs"); + return -1; + } + task->stdin = util_strdup_s((nullptr == consoleFifos[0]) ? "" : consoleFifos[0]); + task->stdout = util_strdup_s((nullptr == consoleFifos[1]) ? "" : consoleFifos[1]); + task->stderr = util_strdup_s((nullptr == consoleFifos[2]) ? "" : consoleFifos[2]); + + if (!AddSandboxTasks(task)) { + ERROR("Failed to add sandbox %s task.", containerId); + return -1; + } + task = task_wrapper->move(); + if (InitApiSandbox(apiSandbox) != 0) { + ERROR("Failed to init %s api sandbox.", containerId); + goto del_out; + } + if (DoSandboxUpdate(apiSandbox) != 0) { + ERROR("Failed to update %s api sandbox.", containerId); + goto del_out; + } + if (!SaveSandboxTasks()) { + ERROR("Failed to Save %s sandbox tasks.", containerId); + (void)PurgeContainer(containerId); + return -1; + } + return 0; + +del_out: + DeleteSandboxTasks(containerId); + return -1; +} + +auto SandboxerSandbox::PrepareExec(const char *containerId, const char *execId, + defs_process *processSpec, const char *consoleFifos[]) -> int +{ + sandbox_process *process = nullptr; + sandbox_sandbox *apiSandbox = nullptr; + + INFO("Prepare exec for container in sandbox"); + + if (nullptr == consoleFifos) { + ERROR("Invlaid parameter: consoleFifos"); + return -1; + } + + auto apiSandbox_wrapper = makeUniquePtrCStructWrapper(free_sandbox_sandbox); + if (apiSandbox_wrapper == nullptr) { + ERROR("Out of memory"); + return -1; + } + apiSandbox = apiSandbox_wrapper->get(); + auto process_wrapper = makeUniquePtrCStructWrapper(free_sandbox_process); + if (process_wrapper == nullptr) { + ERROR("Out of memory"); + return -1; + } + process = process_wrapper->get(); + + process->exec_id = util_strdup_s(execId); + process->spec = clone_defs_process(processSpec); + if (process->spec == nullptr) { + ERROR("Out of memory."); + return -1; + } + process->stdin = util_strdup_s((nullptr == consoleFifos[0]) ? "" : consoleFifos[0]); + process->stdout = util_strdup_s((nullptr == consoleFifos[1]) ? "" : consoleFifos[1]); + process->stderr = util_strdup_s((nullptr == consoleFifos[2]) ? "" : consoleFifos[2]); + + if (!AddSandboxTasksProcess(containerId, process)) { + ERROR("Failed to add sandbox %s process.", containerId); + return -1; + } + process = process_wrapper->move(); + if (InitApiSandbox(apiSandbox) != 0) { + ERROR("Failed to init %s api sandbox.", containerId); + goto del_out; + } + if (DoSandboxUpdate(apiSandbox) != 0) { + ERROR("Failed to init %s api sandbox.", containerId); + goto del_out; + } + if (!SaveSandboxTasks()) { + ERROR("Failed to Save %s sandbox tasks.", containerId); + (void)PurgeExec(containerId, execId); + return -1; + } + return 0; + +del_out: + DeleteSandboxTasksProcess(containerId, execId); + return -1; +} + +auto SandboxerSandbox::PurgeContainer(const char *containerId) -> int +{ + sandbox_sandbox *apiSandbox = nullptr; + + INFO("Purge container for sandbox"); + + auto apiSandbox_wrapper = makeUniquePtrCStructWrapper(free_sandbox_sandbox); + if (apiSandbox_wrapper == nullptr) { + ERROR("Out of memory"); + return -1; + } + apiSandbox = apiSandbox_wrapper->get(); + + DeleteSandboxTasks(containerId); + + if (InitApiSandbox(apiSandbox) != 0) { + ERROR("Failed to init %s api sandbox.", containerId); + return -1; + } + if (DoSandboxUpdate(apiSandbox) != 0) { + ERROR("Failed to update %s api sandbox.", containerId); + return -1; + } + if (!SaveSandboxTasks()) { + ERROR("Failed to Save %s sandbox tasks.", containerId); + return -1; + } + return 0; +} + +auto SandboxerSandbox::PurgeExec(const char *containerId, const char *execId) -> int +{ + sandbox_sandbox *apiSandbox = nullptr; + + INFO("Purge exec for container in sandbox"); + + auto apiSandbox_wrapper = makeUniquePtrCStructWrapper(free_sandbox_sandbox); + if (apiSandbox_wrapper == nullptr) { + ERROR("Out of memory"); + return -1; + } + apiSandbox = apiSandbox_wrapper->get(); + + DeleteSandboxTasksProcess(containerId, execId); + + if (InitApiSandbox(apiSandbox) != 0) { + ERROR("Failed to init %s api sandbox.", execId); + return -1; + } + if (DoSandboxUpdate(apiSandbox) != 0) { + ERROR("Failed to update %s api sandbox.", execId); + return -1; + } + if (!SaveSandboxTasks()) { + ERROR("Failed to Save %s sandbox tasks.", containerId); + return -1; + } + return 0; +} + } \ No newline at end of file diff --git a/src/daemon/sandbox/sandboxer/sandboxer_sandbox.h b/src/daemon/sandbox/sandboxer/sandboxer_sandbox.h index 552eb328..37a96cd6 100644 --- a/src/daemon/sandbox/sandboxer/sandboxer_sandbox.h +++ b/src/daemon/sandbox/sandboxer/sandboxer_sandbox.h @@ -33,24 +33,39 @@ public: const runtime::v1::PodSandboxConfig sandboxConfig = runtime::v1::PodSandboxConfig::default_instance(), const std::string image = ""); virtual ~SandboxerSandbox() = default; - - // for sandbox api update - auto GetTasksJsonPath() -> std::string; + void LoadSandboxTasks() override; - auto SaveSandboxTasks() -> bool override; - auto AddSandboxTasks(sandbox_task *task) -> bool override; - auto GetAnySandboxTasks() -> std::string override; - void DeleteSandboxTasks(const char *containerId) override; - auto AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool override; - void DeleteSandboxTasksProcess(const char *containerId, const char *execId) override; + + auto PrepareContainer(const char *containerId, const char *baseFs, + const oci_runtime_spec *ociSpec, + const char *consoleFifos[]) -> int override; + auto PrepareExec(const char *containerId, const char *execId, + defs_process *processSpec, const char *consoleFifos[]) -> int override; + auto PurgeContainer(const char *containerId) -> int override; + auto PurgeExec(const char *containerId, const char *execId) -> int override; private: + auto GetTasksJsonPath() -> std::string; + auto SaveSandboxTasks() -> bool; + auto AddSandboxTasks(sandbox_task *task) -> bool; + auto GetAnySandboxTasks() -> std::string; + void DeleteSandboxTasks(const char *containerId); + auto AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool; + void DeleteSandboxTasksProcess(const char *containerId, const char *execId); + auto AddTaskById(const char *task_id, sandbox_task *task) -> bool; auto ReadSandboxTasksJson() -> sandbox_tasks *; auto WriteSandboxTasksJson(std::string &tasks_json) -> bool; auto DeleteSandboxTasksJson() -> bool; void AddSandboxTasksByArray(sandbox_tasks *tasksArray); + auto GenerateCtrlRootfs(sandbox_task *task, const char *baseFs) -> int; + auto InitSandboxRuntime() -> sandbox_sandbox_runtime *; + auto InitSandboxLabels() -> json_map_string_string *; + auto InitSandboxExtensions() -> defs_map_string_object_any *; + auto InitApiSandbox(sandbox_sandbox *apiSandbox) -> int; + auto DoSandboxUpdate(sandbox_sandbox *apiSandbox) -> int; + private: // use m_tasksMutex to ensure the correctness of the tasks RWMutex m_tasksMutex; diff --git a/src/daemon/sandbox/shim/shim_sandbox.cc b/src/daemon/sandbox/shim/shim_sandbox.cc deleted file mode 100644 index 2efb8d7c..00000000 --- a/src/daemon/sandbox/shim/shim_sandbox.cc +++ /dev/null @@ -1,65 +0,0 @@ -/****************************************************************************** - * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved. - * iSulad licensed under the Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: - * http://license.coscl.org.cn/MulanPSL2 - * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR - * PURPOSE. - * See the Mulan PSL v2 for more details. - * Author: liuxu - * Create: 2024-11-20 - * Description: provide sandboxer sandbox class definition - *********************************************************************************/ -#include "shim_sandbox.h" - -#include -#include - -#include -#include - - -namespace sandbox { - -ShimSandbox::ShimSandbox(const std::string id, const std::string &rootdir, const std::string &statedir, const std::string name, - const RuntimeInfo info, std::string netMode, std::string netNsPath, const runtime::v1::PodSandboxConfig sandboxConfig, - const std::string image):Sandbox(id, rootdir, statedir, name, info, netMode, - netNsPath, sandboxConfig, image) -{ -} - -void ShimSandbox::LoadSandboxTasks() -{ -} - -auto ShimSandbox::SaveSandboxTasks() -> bool -{ - return true; -} - -auto ShimSandbox::AddSandboxTasks(sandbox_task *task) -> bool -{ - return true; -} - -auto ShimSandbox::GetAnySandboxTasks() -> std::string -{ - return std::string("Nothing for shim."); -} - -void ShimSandbox::DeleteSandboxTasks(const char *containerId) -{ -} - -auto ShimSandbox::AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool -{ - return true; -} - -void ShimSandbox::DeleteSandboxTasksProcess(const char *containerId, const char *execId) -{ -} - -} \ No newline at end of file diff --git a/src/daemon/sandbox/shim/shim_sandbox.h b/src/daemon/sandbox/shim/shim_sandbox.h deleted file mode 100644 index 82da0573..00000000 --- a/src/daemon/sandbox/shim/shim_sandbox.h +++ /dev/null @@ -1,49 +0,0 @@ -/****************************************************************************** - * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved. - * iSulad licensed under the Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: - * http://license.coscl.org.cn/MulanPSL2 - * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR - * PURPOSE. - * See the Mulan PSL v2 for more details. - * Author: liuxu - * Create: 2024-11-20 - * Description: provide shim sandbox class definition - *********************************************************************************/ - -#ifndef DAEMON_SANDBOX_SHIM_SANDBOX_H -#define DAEMON_SANDBOX_SHIM_SANDBOX_H - -#include -#include -#include - -#include "read_write_lock.h" -#include "sandbox_task.h" -#include "sandbox.h" - -namespace sandbox { - -class ShimSandbox : public Sandbox { -public: - ShimSandbox(const std::string id, const std::string &rootdir, const std::string &statedir, const std::string name = "", - const RuntimeInfo info = {"", "", ""}, std::string netMode = DEFAULT_NETMODE, std::string netNsPath = "", - const runtime::v1::PodSandboxConfig sandboxConfig = runtime::v1::PodSandboxConfig::default_instance(), - const std::string image = ""); - virtual ~ShimSandbox() = default; - - // for sandbox api update - void LoadSandboxTasks() override; - auto SaveSandboxTasks() -> bool override; - auto AddSandboxTasks(sandbox_task *task) -> bool override; - auto GetAnySandboxTasks() -> std::string override; - void DeleteSandboxTasks(const char *containerId) override; - auto AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool override; - void DeleteSandboxTasksProcess(const char *containerId, const char *execId) override; -}; - -} // namespace sandbox - -#endif // DAEMON_SANDBOX_SHIM_SANDBOX_H \ No newline at end of file -- 2.23.0