src-openeuler-iSulad
/
0167-sandbox-del-shim_sandbox-and-cha...

From 16da66344854a75ce7a9d7908e0a75732eb147dc Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Wed, 27 Nov 2024 15:11:57 +0800
Subject: [PATCH 01/11] sandbox: del shim_sandbox and change sandbox ops

Signed-off-by: liuxu <liuxu156@huawei.com>
---
 src/daemon/sandbox/sandbox.cc                 |  28 ++
 src/daemon/sandbox/sandbox.h                  |  15 +-
 src/daemon/sandbox/sandbox_manager.cc         |   9 +-
 src/daemon/sandbox/sandbox_ops.cc             | 363 +---------------
 .../sandbox/sandboxer/sandboxer_sandbox.cc    | 401 ++++++++++++++++++
 .../sandbox/sandboxer/sandboxer_sandbox.h     |  33 +-
 src/daemon/sandbox/shim/shim_sandbox.cc       |  65 ---
 src/daemon/sandbox/shim/shim_sandbox.h        |  49 ---
 8 files changed, 469 insertions(+), 494 deletions(-)
 delete mode 100644 src/daemon/sandbox/shim/shim_sandbox.cc
 delete mode 100644 src/daemon/sandbox/shim/shim_sandbox.h

diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc
index 3715e5e0..d105d71a 100644
--- a/src/daemon/sandbox/sandbox.cc
+++ b/src/daemon/sandbox/sandbox.cc
@@ -1118,4 +1118,32 @@ void Sandbox::FillSandboxMetadata(sandbox_metadata* metadata, Errors &error)

     metadata->sandbox_config_json = util_strdup_s(jsonStr.c_str());
 }
+
+void Sandbox::LoadSandboxTasks()
+{
+}
+
+auto Sandbox::PrepareContainer(const char *containerId, const char *baseFs,
+                               const oci_runtime_spec *ociSpec,
+                               const char *consoleFifos[]) -> int
+{
+    return 0;
+}
+
+auto Sandbox::PrepareExec(const char *containerId, const char *execId,
+                          defs_process *processSpec, const char *consoleFifos[]) -> int
+{
+    return 0;
+}
+
+auto Sandbox::PurgeContainer(const char *containerId) -> int
+{
+    return 0;
+}
+
+auto Sandbox::PurgeExec(const char *containerId, const char *execId) -> int
+{
+    return 0;
+}
+
 }
\ No newline at end of file
diff --git a/src/daemon/sandbox/sandbox.h b/src/daemon/sandbox/sandbox.h
index 415406ff..58d60ecb 100644
--- a/src/daemon/sandbox/sandbox.h
+++ b/src/daemon/sandbox/sandbox.h
@@ -141,13 +141,14 @@ public:
     void Status(runtime::v1::PodSandboxStatus &status);

     // for sandbox api update
-    virtual void LoadSandboxTasks() = 0;
-    virtual auto SaveSandboxTasks() -> bool = 0;
-    virtual auto AddSandboxTasks(sandbox_task *task) -> bool = 0;
-    virtual auto GetAnySandboxTasks() -> std::string = 0;
-    virtual void DeleteSandboxTasks(const char *containerId) = 0;
-    virtual auto AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool = 0;
-    virtual void DeleteSandboxTasksProcess(const char *containerId, const char *execId) = 0;
+    virtual void LoadSandboxTasks();
+    virtual auto PrepareContainer(const char *containerId, const char *baseFs,
+                                  const oci_runtime_spec *ociSpec,
+                                  const char *consoleFifos[]) -> int;
+    virtual auto PrepareExec(const char *containerId, const char *execId,
+                             defs_process *processSpec, const char *consoleFifos[]) -> int;
+    virtual auto PurgeContainer(const char *containerId) -> int;
+    virtual auto PurgeExec(const char *containerId, const char *execId) -> int;

 private:
     auto SaveState(Errors &error) -> bool;
diff --git a/src/daemon/sandbox/sandbox_manager.cc b/src/daemon/sandbox/sandbox_manager.cc
index ba003d56..a7908a60 100644
--- a/src/daemon/sandbox/sandbox_manager.cc
+++ b/src/daemon/sandbox/sandbox_manager.cc
@@ -27,7 +27,6 @@
 #ifdef ENABLE_SANDBOXER
 #include "sandboxer_sandbox.h"
 #endif
-#include "shim_sandbox.h"
 #include "isulad_config.h"
 #include "utils_verify.h"
 #include "utils_file.h"
@@ -116,12 +115,12 @@ auto SandboxManager::CreateSandbox(const std::string &name, RuntimeInfo &info, s

 #ifdef ENABLE_SANDBOXER
     if (info.sandboxer == SHIM_CONTROLLER_NAME) {
-        sandbox = std::make_shared<ShimSandbox>(id, m_rootdir, m_statedir, name, info, netMode, netNsPath, sandboxConfig, image);
+        sandbox = std::make_shared<Sandbox>(id, m_rootdir, m_statedir, name, info, netMode, netNsPath, sandboxConfig, image);
     } else {
         sandbox = std::make_shared<SandboxerSandbox>(id, m_rootdir, m_statedir, name, info, netMode, netNsPath, sandboxConfig, image);
     }
 #else
-    sandbox = std::make_shared<ShimSandbox>(id, m_rootdir, m_statedir, name, info, netMode, netNsPath, sandboxConfig, image);
+    sandbox = std::make_shared<Sandbox>(id, m_rootdir, m_statedir, name, info, netMode, netNsPath, sandboxConfig, image);
 #endif
     if (sandbox == nullptr) {
         ERROR("Failed to malloc for sandbox: %s", name.c_str());
@@ -485,12 +484,12 @@ auto SandboxManager::LoadSandbox(std::string &id) -> std::shared_ptr<Sandbox>

 #ifdef ENABLE_SANDBOXER
     if (IsShimSandbox(id, m_rootdir)) {
-        sandbox = std::make_shared<ShimSandbox>(id, m_rootdir, m_statedir);
+        sandbox = std::make_shared<Sandbox>(id, m_rootdir, m_statedir);
     } else {
         sandbox = std::make_shared<SandboxerSandbox>(id, m_rootdir, m_statedir);
     }
 #else
-    sandbox = std::make_shared<ShimSandbox>(id, m_rootdir, m_statedir);
+    sandbox = std::make_shared<Sandbox>(id, m_rootdir, m_statedir);
 #endif
     if (sandbox == nullptr) {
         ERROR("Failed to malloc for sandboxes: %s", id.c_str());
diff --git a/src/daemon/sandbox/sandbox_ops.cc b/src/daemon/sandbox/sandbox_ops.cc
index f50a1033..ae881933 100644
--- a/src/daemon/sandbox/sandbox_ops.cc
+++ b/src/daemon/sandbox/sandbox_ops.cc
@@ -24,12 +24,6 @@
 #include "sandbox.h"
 #include "namespace.h"
 #include "utils.h"
-#include "utils_timestamp.h"
-#include "utils_array.h"
-
-const std::string SANDBOX_EXTENSIONS_TASKS = "extensions.tasks";
-const std::string SANDBOX_TASKS_KEY = "tasks";
-const std::string SANDBOX_TASKS_TYPEURL = "github.com/containerd/containerd/Tasks";

 static inline bool validate_sandbox_info(const container_sandbox_info *sandbox)
 {
@@ -37,99 +31,6 @@ static inline bool validate_sandbox_info(const container_sandbox_info *sandbox)
             sandbox->id != NULL);
 }

-static int generate_ctrl_rootfs(sandbox_task *task,
-                                const container_config_v2_common_config *config)
-{
-    size_t len = 1;
-    if (nullptr == config->base_fs) {
-        ERROR("Container %s has no base fs", config->id);
-        return -1;
-    }
-
-    // TODO: rootfs's options left to be configured
-    task->rootfs = (sandbox_mount **)util_smart_calloc_s(sizeof(sandbox_mount *), len);
-    if (task->rootfs == nullptr) {
-        ERROR("Out of memory.");
-        return -1;
-    }
-    task->rootfs[0] = (sandbox_mount *)util_common_calloc_s(sizeof(sandbox_mount));
-    if (task->rootfs[0] == nullptr) {
-        ERROR("Out of memory.");
-        return -1;
-    }
-    task->rootfs_len = len;
-    task->rootfs[0]->type = util_strdup_s(MOUNT_TYPE_BIND);
-    task->rootfs[0]->source = util_strdup_s(config->base_fs);
-
-    return 0;
-}
-
-static int do_sandbox_update(std::shared_ptr<sandbox::Sandbox> &sandbox, sandbox_sandbox *apiSandbox)
-{
-    Errors err;
-    size_t fields_len = 1;
-    __isula_auto_string_array_t string_array *fields = nullptr;
-
-    fields = util_string_array_new(fields_len);
-    if (fields == nullptr) {
-        ERROR("Out of memory.");
-        return -1;
-    }
-    if (util_append_string_array(fields, SANDBOX_EXTENSIONS_TASKS.c_str())) {
-        ERROR("Out of memory.");
-        return -1;
-    }
-
-    auto controller = sandbox::ControllerManager::GetInstance()->GetController(sandbox->GetSandboxer());
-    if (nullptr == controller) {
-        ERROR("Invalid sandboxer name: %s", sandbox->GetSandboxer().c_str());
-        return -1;
-    }
-
-    if (!controller->Update(apiSandbox, fields, err)) {
-        ERROR("Failed to update in container controller update: %s", err.GetCMessage());
-        return -1;
-    }
-
-    return 0;
-}
-
-static oci_runtime_spec *clone_oci_runtime_spec(const oci_runtime_spec *oci_spec)
-{
-    __isula_auto_free char *json_str = nullptr;
-    __isula_auto_free parser_error err = nullptr;
-    oci_runtime_spec *ret = nullptr;
-
-    json_str = oci_runtime_spec_generate_json(oci_spec, nullptr, &err);
-    if (json_str == nullptr) {
-        ERROR("Failed to generate spec json: %s", err);
-        return nullptr;
-    }
-    ret = oci_runtime_spec_parse_data(json_str, nullptr, &err);
-    if (ret == nullptr) {
-        ERROR("Failed to generate spec: %s", err);
-    }
-    return ret;
-}
-
-static defs_process *clone_defs_process(defs_process *process_spec)
-{
-    __isula_auto_free char *json_str = nullptr;
-    __isula_auto_free parser_error err = nullptr;
-    defs_process *ret = nullptr;
-
-    json_str = defs_process_generate_json(process_spec, nullptr, &err);
-    if (json_str == nullptr) {
-        ERROR("Failed to generate process spec json: %s", err);
-        return nullptr;
-    }
-    ret = defs_process_parse_data(json_str, nullptr, &err);
-    if (ret == nullptr) {
-        ERROR("Failed to generate process spec: %s", err);
-    }
-    return ret;
-}
-
 static std::shared_ptr<sandbox::Sandbox> get_prepare_sandbox(const container_config_v2_common_config *config)
 {
     if (nullptr == config || nullptr == config->id) {
@@ -151,126 +52,11 @@ static std::shared_ptr<sandbox::Sandbox> get_prepare_sandbox(const container_con
     return sandbox;
 }

-static sandbox_sandbox_runtime *init_sandbox_runtime(std::shared_ptr<sandbox::Sandbox> sandbox)
-{
-    sandbox_sandbox_runtime *runtime = nullptr;
-
-    auto runtime_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox_runtime>(free_sandbox_sandbox_runtime);
-    if (runtime_wrapper == nullptr) {
-        ERROR("Out of memory");
-        return nullptr;
-    }
-    runtime = runtime_wrapper->get();
-    runtime->name = util_strdup_s(sandbox->GetRuntime().c_str());
-    // Just ignore options for now
-
-    return runtime_wrapper->move();
-}
-
-static json_map_string_string *init_sandbox_labels(std::shared_ptr<sandbox::Sandbox> sandbox)
-{
-    json_map_string_string *labels = nullptr;
-
-    auto labels_wrapper = makeUniquePtrCStructWrapper<json_map_string_string>(free_json_map_string_string);
-    if (labels_wrapper == nullptr) {
-        ERROR("Out of memory");
-        return nullptr;
-    }
-    labels = labels_wrapper->get();
-    if (append_json_map_string_string(labels, "name", sandbox->GetName().c_str()) != 0) {
-        ERROR("Out of memory");
-        return nullptr;
-    }
-
-    return labels_wrapper->move();
-}
-
-static defs_map_string_object_any *init_sandbox_extensions(std::shared_ptr<sandbox::Sandbox> sandbox)
-{
-    defs_map_string_object_any *extensions = nullptr;
-    size_t len = 1;
-    std::string task_json;
-
-    auto extensions_wrapper = makeUniquePtrCStructWrapper<defs_map_string_object_any>(free_defs_map_string_object_any);
-    if (extensions_wrapper == nullptr) {
-        ERROR("Out of memory");
-        return nullptr;
-    }
-    extensions = extensions_wrapper->get();
-    extensions->keys = (char **)util_smart_calloc_s(sizeof(char *), len);
-    if (extensions->keys == nullptr) {
-        ERROR("Out of memory.");
-        return nullptr;
-    }
-    extensions->len = len;
-    extensions->values = (defs_map_string_object_any_element **)
-        util_smart_calloc_s(sizeof(defs_map_string_object_any_element *), len);
-    if (extensions->values == nullptr) {
-        ERROR("Out of memory.");
-        return nullptr;
-    }
-    extensions->values[0] = (defs_map_string_object_any_element *)
-        util_common_calloc_s(sizeof(defs_map_string_object_any_element));
-    if (extensions->values[0] == nullptr) {
-        ERROR("Out of memory.");
-        return nullptr;
-    }
-    extensions->values[0]->element = (defs_any *)util_common_calloc_s(sizeof(defs_any));
-    if (extensions->values[0]->element == nullptr) {
-        ERROR("Out of memory.");
-        return nullptr;
-    }
-
-    extensions->keys[0] = util_strdup_s(SANDBOX_TASKS_KEY.c_str());
-    task_json = sandbox->GetAnySandboxTasks();
-    if (task_json.empty()) {
-        ERROR("Failed to get any sandbox tasks");
-        return nullptr;
-    }
-    DEBUG("Get any sandbox tasks %s", task_json.c_str());
-    extensions->values[0]->element->type_url = util_strdup_s(SANDBOX_TASKS_TYPEURL.c_str());
-    extensions->values[0]->element->value = reinterpret_cast<uint8_t *>(util_strdup_s(task_json.c_str()));
-    extensions->values[0]->element->value_len = strlen(task_json.c_str());
-
-    return extensions_wrapper->move();
-}
-
-static int init_api_sandbox(std::shared_ptr<sandbox::Sandbox> sandbox, sandbox_sandbox *apiSandbox)
-{
-    apiSandbox->sandbox_id = util_strdup_s(sandbox->GetId().c_str());
-    apiSandbox->runtime = init_sandbox_runtime(sandbox);
-    if (apiSandbox->runtime == nullptr) {
-        ERROR("Failed to init sandbox runtime");
-        return -1;
-    }
-    // Just ignore spec
-    apiSandbox->labels = init_sandbox_labels(sandbox);
-    if (apiSandbox->labels == nullptr) {
-        ERROR("Failed to init sandbox runtime");
-        return -1;
-    }
-    apiSandbox->created_at = sandbox->GetCreatedAt();
-    apiSandbox->updated_at = util_get_now_time_nanos();
-    apiSandbox->extensions = init_sandbox_extensions(sandbox);
-    if (apiSandbox->extensions == nullptr) {
-        ERROR("Failed to init sandbox runtime");
-        return -1;
-    }
-    apiSandbox->sandboxer = util_strdup_s(sandbox->GetSandboxer().c_str());
-
-    return 0;
-}

 int sandbox_prepare_container(const container_config_v2_common_config *config,
                               const oci_runtime_spec *oci_spec,
                               const char * console_fifos[], bool tty)
 {
-    sandbox_task *task = nullptr;
-    sandbox_sandbox *apiSandbox = nullptr;
-    int ret = -1;
-
-    INFO("Prepare container for sandbox");
-
     if (nullptr == console_fifos) {
         ERROR("Invlaid parameter: console_fifos");
         return -1;
@@ -282,67 +68,13 @@ int sandbox_prepare_container(const container_config_v2_common_config *config,
         return -1;
     }

-    auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
-    if (apiSandbox_wrapper == nullptr) {
-        ERROR("Out of memory");
-        return -1;
-    }
-    apiSandbox = apiSandbox_wrapper->get();
-    auto task_wrapper = makeUniquePtrCStructWrapper<sandbox_task>(free_sandbox_task);
-    if (task_wrapper == nullptr) {
-        ERROR("Out of memory");
-        return -1;
-    }
-    task = task_wrapper->get();
-
-    task->task_id = util_strdup_s(config->id);
-    task->spec = clone_oci_runtime_spec(oci_spec);
-    if (task->spec == nullptr) {
-        ERROR("Out of memory.");
-        return -1;
-    }
-    if (generate_ctrl_rootfs(task, config) != 0) {
-        ERROR("Invalid rootfs");
-        return -1;
-    }
-    task->stdin = util_strdup_s((nullptr == console_fifos[0]) ? "" : console_fifos[0]);
-    task->stdout = util_strdup_s((nullptr == console_fifos[1]) ? "" : console_fifos[1]);
-    task->stderr = util_strdup_s((nullptr == console_fifos[2]) ? "" : console_fifos[2]);
-
-    if (!sandbox->AddSandboxTasks(task)) {
-        ERROR("Failed to add sandbox %s task.", config->id);
-        return -1;
-    }
-    task = task_wrapper->move();
-    ret = init_api_sandbox(sandbox, apiSandbox);
-    if (ret != 0) {
-        ERROR("Failed to init %s api sandbox.", config->id);
-        goto del_out;
-    }
-    ret = do_sandbox_update(sandbox, apiSandbox);
-
-del_out:
-    if (ret != 0) {
-        sandbox->DeleteSandboxTasks(config->id);
-    }
-    if (!sandbox->SaveSandboxTasks()) {
-        ERROR("Failed to Save %s sandbox tasks.", config->id);
-        ret = -1;
-    }
-
-    return ret;
+    return sandbox->PrepareContainer(config->id, config->base_fs, oci_spec, console_fifos);
 }

 int sandbox_prepare_exec(const container_config_v2_common_config *config,
                          const char *exec_id, defs_process *process_spec,
                          const char * console_fifos[], bool tty)
 {
-    sandbox_process *process = nullptr;
-    sandbox_sandbox *apiSandbox = nullptr;
-    int ret = -1;
-
-    INFO("Prepare exec for container in sandbox");
-
     if (nullptr == console_fifos) {
         ERROR("Invlaid parameter: console_fifos");
         return -1;
@@ -354,116 +86,29 @@ int sandbox_prepare_exec(const container_config_v2_common_config *config,
         return -1;
     }

-    auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
-    if (apiSandbox_wrapper == nullptr) {
-        ERROR("Out of memory");
-        return -1;
-    }
-    apiSandbox = apiSandbox_wrapper->get();
-    auto process_wrapper = makeUniquePtrCStructWrapper<sandbox_process>(free_sandbox_process);
-    if (process_wrapper == nullptr) {
-        ERROR("Out of memory");
-        return -1;
-    }
-    process = process_wrapper->get();
-
-    process->exec_id = util_strdup_s(exec_id);
-    process->spec = clone_defs_process(process_spec);
-    if (process->spec == nullptr) {
-        ERROR("Out of memory.");
-        return -1;
-    }
-    process->stdin = util_strdup_s((nullptr == console_fifos[0]) ? "" : console_fifos[0]);
-    process->stdout = util_strdup_s((nullptr == console_fifos[1]) ? "" : console_fifos[1]);
-    process->stderr = util_strdup_s((nullptr == console_fifos[2]) ? "" : console_fifos[2]);
-
-    if (!sandbox->AddSandboxTasksProcess(config->id, process)) {
-        ERROR("Failed to add sandbox %s process.", config->id);
-        return -1;
-    }
-    process = process_wrapper->move();
-    ret = init_api_sandbox(sandbox, apiSandbox);
-    if (ret != 0) {
-        ERROR("Failed to init %s api sandbox.", config->id);
-        goto del_out;
-    }
-    ret = do_sandbox_update(sandbox, apiSandbox);
-
-del_out:
-    if (ret != 0) {
-        sandbox->DeleteSandboxTasksProcess(config->id, exec_id);
-    }
-    if (!sandbox->SaveSandboxTasks()) {
-        ERROR("Failed to Save %s sandbox tasks.", config->id);
-        ret = -1;
-    }
-
-    return ret;
+    return sandbox->PrepareExec(config->id, exec_id, process_spec, console_fifos);
 }

 int sandbox_purge_container(const container_config_v2_common_config *config)
 {
-    sandbox_sandbox *apiSandbox = nullptr;
-
-    INFO("Purge container for sandbox");
-
     auto sandbox = get_prepare_sandbox(config);
     if (sandbox == nullptr) {
         ERROR("Sandbox not found");
         return -1;
     }

-    auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
-    if (apiSandbox_wrapper == nullptr) {
-        ERROR("Out of memory");
-        return -1;
-    }
-    apiSandbox = apiSandbox_wrapper->get();
-
-    sandbox->DeleteSandboxTasks(config->id);
-    if (!sandbox->SaveSandboxTasks()) {
-        ERROR("Failed to Save %s sandbox tasks.", config->id);
-        return -1;
-    }
-
-    if (init_api_sandbox(sandbox, apiSandbox) != 0) {
-        ERROR("Failed to init %s api sandbox.", config->id);
-        return -1;
-    }
-    return do_sandbox_update(sandbox, apiSandbox);
+    return sandbox->PurgeContainer(config->id);
 }

 int sandbox_purge_exec(const container_config_v2_common_config *config, const char *exec_id)
 {
-    sandbox_sandbox *apiSandbox = nullptr;
-
-    INFO("Purge exec for container in sandbox");
-
     auto sandbox = get_prepare_sandbox(config);
     if (sandbox == nullptr) {
         ERROR("Sandbox not found");
         return -1;
     }

-    auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
-    if (apiSandbox_wrapper == nullptr) {
-        ERROR("Out of memory");
-        return -1;
-    }
-    apiSandbox = apiSandbox_wrapper->get();
-
-    sandbox->DeleteSandboxTasksProcess(config->id, exec_id);
-    if (!sandbox->SaveSandboxTasks()) {
-        ERROR("Failed to Save %s sandbox tasks.", config->id);
-        return -1;
-    }
-
-    if (init_api_sandbox(sandbox, apiSandbox) != 0) {
-        ERROR("Failed to init %s api sandbox.", exec_id);
-        return -1;
-    }
-
-    return do_sandbox_update(sandbox, apiSandbox);
+    return sandbox->PurgeExec(config->id, exec_id);
 }

 int sandbox_on_sandbox_exit(const char *sandbox_id, int exit_code)
diff --git a/src/daemon/sandbox/sandboxer/sandboxer_sandbox.cc b/src/daemon/sandbox/sandboxer/sandboxer_sandbox.cc
index 726b7b3a..b2e2fb32 100644
--- a/src/daemon/sandbox/sandboxer/sandboxer_sandbox.cc
+++ b/src/daemon/sandbox/sandboxer/sandboxer_sandbox.cc
@@ -23,13 +23,21 @@

 #include <isula_libutils/log.h>
 #include <isula_libutils/auto_cleanup.h>
+#include <isula_libutils/sandbox_sandbox.h>
+#include <isula_libutils/defs_process.h>

 #include "utils_file.h"
 #include "utils.h"
 #include "cxxutils.h"
+#include "utils_timestamp.h"
+#include "utils_array.h"

 namespace sandbox {

+const std::string SANDBOX_EXTENSIONS_TASKS = "extensions.tasks";
+const std::string SANDBOX_TASKS_KEY = "tasks";
+const std::string SANDBOX_TASKS_TYPEURL = "github.com/containerd/containerd/Tasks";
+
 SandboxerSandbox::SandboxerSandbox(const std::string id, const std::string &rootdir, const std::string &statedir, const std::string name,
                  const RuntimeInfo info, std::string netMode, std::string netNsPath, const runtime::v1::PodSandboxConfig sandboxConfig,
                  const std::string image):Sandbox(id, rootdir, statedir, name, info, netMode,
@@ -251,4 +259,397 @@ void SandboxerSandbox::DeleteSandboxTasksProcess(const char *containerId, const
     iter->second->DeleteSandboxTasksProcess(execId);
 }

+static oci_runtime_spec *clone_oci_runtime_spec(const oci_runtime_spec *oci_spec)
+{
+    __isula_auto_free char *json_str = nullptr;
+    __isula_auto_free parser_error err = nullptr;
+    oci_runtime_spec *ret = nullptr;
+
+    json_str = oci_runtime_spec_generate_json(oci_spec, nullptr, &err);
+    if (json_str == nullptr) {
+        ERROR("Failed to generate spec json: %s", err);
+        return nullptr;
+    }
+    ret = oci_runtime_spec_parse_data(json_str, nullptr, &err);
+    if (ret == nullptr) {
+        ERROR("Failed to generate spec: %s", err);
+    }
+    return ret;
+}
+
+static defs_process *clone_defs_process(defs_process *process_spec)
+{
+    __isula_auto_free char *json_str = nullptr;
+    __isula_auto_free parser_error err = nullptr;
+    defs_process *ret = nullptr;
+
+    json_str = defs_process_generate_json(process_spec, nullptr, &err);
+    if (json_str == nullptr) {
+        ERROR("Failed to generate process spec json: %s", err);
+        return nullptr;
+    }
+    ret = defs_process_parse_data(json_str, nullptr, &err);
+    if (ret == nullptr) {
+        ERROR("Failed to generate process spec: %s", err);
+    }
+    return ret;
+}
+
+auto SandboxerSandbox::GenerateCtrlRootfs(sandbox_task *task, const char *baseFs) -> int
+{
+    size_t len = 1;
+    if (nullptr == baseFs) {
+        ERROR("Container %s has no base fs", task->task_id);
+        return -1;
+    }
+
+    // TODO: rootfs's options left to be configured
+    task->rootfs = (sandbox_mount **)util_smart_calloc_s(sizeof(sandbox_mount *), len);
+    if (task->rootfs == nullptr) {
+        ERROR("Out of memory.");
+        return -1;
+    }
+    task->rootfs[0] = (sandbox_mount *)util_common_calloc_s(sizeof(sandbox_mount));
+    if (task->rootfs[0] == nullptr) {
+        ERROR("Out of memory.");
+        return -1;
+    }
+    task->rootfs_len = len;
+    task->rootfs[0]->type = util_strdup_s(MOUNT_TYPE_BIND);
+    task->rootfs[0]->source = util_strdup_s(baseFs);
+
+    return 0;
+}
+
+auto SandboxerSandbox::InitSandboxRuntime() -> sandbox_sandbox_runtime *
+{
+    sandbox_sandbox_runtime *runtime = nullptr;
+
+    auto runtime_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox_runtime>(free_sandbox_sandbox_runtime);
+    if (runtime_wrapper == nullptr) {
+        ERROR("Out of memory");
+        return nullptr;
+    }
+    runtime = runtime_wrapper->get();
+    runtime->name = util_strdup_s(GetRuntime().c_str());
+    // Just ignore options for now
+
+    return runtime_wrapper->move();
+}
+
+auto SandboxerSandbox::InitSandboxLabels() -> json_map_string_string *
+{
+    json_map_string_string *labels = nullptr;
+
+    auto labels_wrapper = makeUniquePtrCStructWrapper<json_map_string_string>(free_json_map_string_string);
+    if (labels_wrapper == nullptr) {
+        ERROR("Out of memory");
+        return nullptr;
+    }
+    labels = labels_wrapper->get();
+    if (append_json_map_string_string(labels, "name", GetName().c_str()) != 0) {
+        ERROR("Out of memory");
+        return nullptr;
+    }
+
+    return labels_wrapper->move();
+}
+
+auto SandboxerSandbox::InitSandboxExtensions() -> defs_map_string_object_any *
+{
+    defs_map_string_object_any *extensions = nullptr;
+    size_t len = 1;
+    std::string task_json;
+
+    auto extensions_wrapper = makeUniquePtrCStructWrapper<defs_map_string_object_any>(free_defs_map_string_object_any);
+    if (extensions_wrapper == nullptr) {
+        ERROR("Out of memory");
+        return nullptr;
+    }
+    extensions = extensions_wrapper->get();
+
+    extensions->keys = (char **)util_smart_calloc_s(sizeof(char *), len);
+    if (extensions->keys == nullptr) {
+        ERROR("Out of memory.");
+        return nullptr;
+    }
+    extensions->values = (defs_map_string_object_any_element **)
+        util_smart_calloc_s(sizeof(defs_map_string_object_any_element *), len);
+    if (extensions->values == nullptr) {
+        ERROR("Out of memory.");
+        free(extensions->keys);
+        extensions->keys = nullptr;
+        return nullptr;
+    }
+    extensions->len = len;
+
+    extensions->values[0] = (defs_map_string_object_any_element *)
+        util_common_calloc_s(sizeof(defs_map_string_object_any_element));
+    if (extensions->values[0] == nullptr) {
+        ERROR("Out of memory.");
+        return nullptr;
+    }
+    extensions->values[0]->element = (defs_any *)util_common_calloc_s(sizeof(defs_any));
+    if (extensions->values[0]->element == nullptr) {
+        ERROR("Out of memory.");
+        return nullptr;
+    }
+
+    extensions->keys[0] = util_strdup_s(SANDBOX_TASKS_KEY.c_str());
+    task_json = GetAnySandboxTasks();
+    if (task_json.empty()) {
+        ERROR("Failed to get any sandbox tasks");
+        return nullptr;
+    }
+    DEBUG("Get any sandbox tasks %s", task_json.c_str());
+    extensions->values[0]->element->type_url = util_strdup_s(SANDBOX_TASKS_TYPEURL.c_str());
+    extensions->values[0]->element->value = reinterpret_cast<uint8_t *>(util_strdup_s(task_json.c_str()));
+    extensions->values[0]->element->value_len = strlen(task_json.c_str());
+
+    return extensions_wrapper->move();
+}
+
+auto SandboxerSandbox::InitApiSandbox(sandbox_sandbox *apiSandbox) -> int
+{
+    apiSandbox->sandbox_id = util_strdup_s(GetId().c_str());
+    apiSandbox->runtime = InitSandboxRuntime();
+    if (apiSandbox->runtime == nullptr) {
+        ERROR("Failed to init sandbox runtime");
+        return -1;
+    }
+    // Just ignore spec
+    apiSandbox->labels = InitSandboxLabels();
+    if (apiSandbox->labels == nullptr) {
+        ERROR("Failed to init sandbox runtime");
+        return -1;
+    }
+    apiSandbox->created_at = GetCreatedAt();
+    apiSandbox->updated_at = util_get_now_time_nanos();
+    apiSandbox->extensions = InitSandboxExtensions();
+    if (apiSandbox->extensions == nullptr) {
+        ERROR("Failed to init sandbox runtime");
+        return -1;
+    }
+    apiSandbox->sandboxer = util_strdup_s(GetSandboxer().c_str());
+
+    return 0;
+}
+
+auto SandboxerSandbox::DoSandboxUpdate(sandbox_sandbox *apiSandbox) -> int
+{
+    Errors err;
+    size_t fields_len = 1;
+    __isula_auto_string_array_t string_array *fields = nullptr;
+
+    fields = util_string_array_new(fields_len);
+    if (fields == nullptr) {
+        ERROR("Out of memory.");
+        return -1;
+    }
+    if (util_append_string_array(fields, SANDBOX_EXTENSIONS_TASKS.c_str())) {
+        ERROR("Out of memory.");
+        return -1;
+    }
+
+    auto controller = sandbox::ControllerManager::GetInstance()->GetController(GetSandboxer());
+    if (nullptr == controller) {
+        ERROR("Invalid sandboxer name: %s", GetSandboxer().c_str());
+        return -1;
+    }
+
+    if (!controller->Update(apiSandbox, fields, err)) {
+        ERROR("Failed to update in container controller update: %s", err.GetCMessage());
+        return -1;
+    }
+
+    return 0;
+}
+
+auto SandboxerSandbox::PrepareContainer(const char *containerId, const char *baseFs,
+                                        const oci_runtime_spec *ociSpec,
+                                        const char *consoleFifos[]) -> int
+{
+    sandbox_task *task = nullptr;
+    sandbox_sandbox *apiSandbox = nullptr;
+
+    INFO("Prepare container for sandbox");
+
+    if (nullptr == consoleFifos) {
+        ERROR("Invlaid parameter: consoleFifos");
+        return -1;
+    }
+
+    auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
+    if (apiSandbox_wrapper == nullptr) {
+        ERROR("Out of memory");
+        return -1;
+    }
+    apiSandbox = apiSandbox_wrapper->get();
+    auto task_wrapper = makeUniquePtrCStructWrapper<sandbox_task>(free_sandbox_task);
+    if (task_wrapper == nullptr) {
+        ERROR("Out of memory");
+        return -1;
+    }
+    task = task_wrapper->get();
+
+    task->task_id = util_strdup_s(containerId);
+    task->spec = clone_oci_runtime_spec(ociSpec);
+    if (task->spec == nullptr) {
+        ERROR("Out of memory.");
+        return -1;
+    }
+    if (GenerateCtrlRootfs(task, baseFs) != 0) {
+        ERROR("Invalid rootfs");
+        return -1;
+    }
+    task->stdin = util_strdup_s((nullptr == consoleFifos[0]) ? "" : consoleFifos[0]);
+    task->stdout = util_strdup_s((nullptr == consoleFifos[1]) ? "" : consoleFifos[1]);
+    task->stderr = util_strdup_s((nullptr == consoleFifos[2]) ? "" : consoleFifos[2]);
+
+    if (!AddSandboxTasks(task)) {
+        ERROR("Failed to add sandbox %s task.", containerId);
+        return -1;
+    }
+    task = task_wrapper->move();
+    if (InitApiSandbox(apiSandbox) != 0) {
+        ERROR("Failed to init %s api sandbox.", containerId);
+        goto del_out;
+    }
+    if (DoSandboxUpdate(apiSandbox) != 0) {
+        ERROR("Failed to update %s api sandbox.", containerId);
+        goto del_out;
+    }
+    if (!SaveSandboxTasks()) {
+        ERROR("Failed to Save %s sandbox tasks.", containerId);
+        (void)PurgeContainer(containerId);
+        return -1;
+    }
+    return 0;
+
+del_out:
+    DeleteSandboxTasks(containerId);
+    return -1;
+}
+
+auto SandboxerSandbox::PrepareExec(const char *containerId, const char *execId,
+                                   defs_process *processSpec, const char *consoleFifos[]) -> int
+{
+    sandbox_process *process = nullptr;
+    sandbox_sandbox *apiSandbox = nullptr;
+
+    INFO("Prepare exec for container in sandbox");
+
+    if (nullptr == consoleFifos) {
+        ERROR("Invlaid parameter: consoleFifos");
+        return -1;
+    }
+
+    auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
+    if (apiSandbox_wrapper == nullptr) {
+        ERROR("Out of memory");
+        return -1;
+    }
+    apiSandbox = apiSandbox_wrapper->get();
+    auto process_wrapper = makeUniquePtrCStructWrapper<sandbox_process>(free_sandbox_process);
+    if (process_wrapper == nullptr) {
+        ERROR("Out of memory");
+        return -1;
+    }
+    process = process_wrapper->get();
+
+    process->exec_id = util_strdup_s(execId);
+    process->spec = clone_defs_process(processSpec);
+    if (process->spec == nullptr) {
+        ERROR("Out of memory.");
+        return -1;
+    }
+    process->stdin = util_strdup_s((nullptr == consoleFifos[0]) ? "" : consoleFifos[0]);
+    process->stdout = util_strdup_s((nullptr == consoleFifos[1]) ? "" : consoleFifos[1]);
+    process->stderr = util_strdup_s((nullptr == consoleFifos[2]) ? "" : consoleFifos[2]);
+
+    if (!AddSandboxTasksProcess(containerId, process)) {
+        ERROR("Failed to add sandbox %s process.", containerId);
+        return -1;
+    }
+    process = process_wrapper->move();
+    if (InitApiSandbox(apiSandbox) != 0) {
+        ERROR("Failed to init %s api sandbox.", containerId);
+        goto del_out;
+    }
+    if (DoSandboxUpdate(apiSandbox) != 0) {
+        ERROR("Failed to init %s api sandbox.", containerId);
+        goto del_out;
+    }
+    if (!SaveSandboxTasks()) {
+        ERROR("Failed to Save %s sandbox tasks.", containerId);
+        (void)PurgeExec(containerId, execId);
+        return -1;
+    }
+    return 0;
+
+del_out:
+    DeleteSandboxTasksProcess(containerId, execId);
+    return -1;
+}
+
+auto SandboxerSandbox::PurgeContainer(const char *containerId) -> int
+{
+    sandbox_sandbox *apiSandbox = nullptr;
+
+    INFO("Purge container for sandbox");
+
+    auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
+    if (apiSandbox_wrapper == nullptr) {
+        ERROR("Out of memory");
+        return -1;
+    }
+    apiSandbox = apiSandbox_wrapper->get();
+
+    DeleteSandboxTasks(containerId);
+
+    if (InitApiSandbox(apiSandbox) != 0) {
+        ERROR("Failed to init %s api sandbox.", containerId);
+        return -1;
+    }
+    if (DoSandboxUpdate(apiSandbox) != 0) {
+        ERROR("Failed to update %s api sandbox.", containerId);
+        return -1;
+    }
+    if (!SaveSandboxTasks()) {
+        ERROR("Failed to Save %s sandbox tasks.", containerId);
+        return -1;
+    }
+    return 0;
+}
+
+auto SandboxerSandbox::PurgeExec(const char *containerId, const char *execId) -> int
+{
+    sandbox_sandbox *apiSandbox = nullptr;
+
+    INFO("Purge exec for container in sandbox");
+
+    auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
+    if (apiSandbox_wrapper == nullptr) {
+        ERROR("Out of memory");
+        return -1;
+    }
+    apiSandbox = apiSandbox_wrapper->get();
+
+    DeleteSandboxTasksProcess(containerId, execId);
+
+    if (InitApiSandbox(apiSandbox) != 0) {
+        ERROR("Failed to init %s api sandbox.", execId);
+        return -1;
+    }
+    if (DoSandboxUpdate(apiSandbox) != 0) {
+        ERROR("Failed to update %s api sandbox.", execId);
+        return -1;
+    }
+    if (!SaveSandboxTasks()) {
+        ERROR("Failed to Save %s sandbox tasks.", containerId);
+        return -1;
+    }
+    return 0;
+}
+
 }
\ No newline at end of file
diff --git a/src/daemon/sandbox/sandboxer/sandboxer_sandbox.h b/src/daemon/sandbox/sandboxer/sandboxer_sandbox.h
index 552eb328..37a96cd6 100644
--- a/src/daemon/sandbox/sandboxer/sandboxer_sandbox.h
+++ b/src/daemon/sandbox/sandboxer/sandboxer_sandbox.h
@@ -33,24 +33,39 @@ public:
             const runtime::v1::PodSandboxConfig sandboxConfig = runtime::v1::PodSandboxConfig::default_instance(),
             const std::string image = "");
     virtual ~SandboxerSandbox() = default;
-
-    // for sandbox api update
-    auto GetTasksJsonPath() -> std::string;
+
     void LoadSandboxTasks() override;
-    auto SaveSandboxTasks() -> bool override;
-    auto AddSandboxTasks(sandbox_task *task) -> bool override;
-    auto GetAnySandboxTasks() -> std::string override;
-    void DeleteSandboxTasks(const char *containerId) override;
-    auto AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool override;
-    void DeleteSandboxTasksProcess(const char *containerId, const char *execId) override;
+
+    auto PrepareContainer(const char *containerId, const char *baseFs,
+                          const oci_runtime_spec *ociSpec,
+                          const char *consoleFifos[]) -> int override;
+    auto PrepareExec(const char *containerId, const char *execId,
+                     defs_process *processSpec, const char *consoleFifos[]) -> int override;
+    auto PurgeContainer(const char *containerId) -> int override;
+    auto PurgeExec(const char *containerId, const char *execId) -> int override;

 private:
+    auto GetTasksJsonPath() -> std::string;
+    auto SaveSandboxTasks() -> bool;
+    auto AddSandboxTasks(sandbox_task *task) -> bool;
+    auto GetAnySandboxTasks() -> std::string;
+    void DeleteSandboxTasks(const char *containerId);
+    auto AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool;
+    void DeleteSandboxTasksProcess(const char *containerId, const char *execId);
+
     auto AddTaskById(const char *task_id, sandbox_task *task) -> bool;
     auto ReadSandboxTasksJson() -> sandbox_tasks *;
     auto WriteSandboxTasksJson(std::string &tasks_json) -> bool;
     auto DeleteSandboxTasksJson() -> bool;
     void AddSandboxTasksByArray(sandbox_tasks *tasksArray);

+    auto GenerateCtrlRootfs(sandbox_task *task, const char *baseFs) -> int;
+    auto InitSandboxRuntime() -> sandbox_sandbox_runtime *;
+    auto InitSandboxLabels() -> json_map_string_string *;
+    auto InitSandboxExtensions() -> defs_map_string_object_any *;
+    auto InitApiSandbox(sandbox_sandbox *apiSandbox) -> int;
+    auto DoSandboxUpdate(sandbox_sandbox *apiSandbox) -> int;
+
 private:
     // use m_tasksMutex to ensure the correctness of the tasks
     RWMutex m_tasksMutex;
diff --git a/src/daemon/sandbox/shim/shim_sandbox.cc b/src/daemon/sandbox/shim/shim_sandbox.cc
deleted file mode 100644
index 2efb8d7c..00000000
--- a/src/daemon/sandbox/shim/shim_sandbox.cc
+++ /dev/null
@@ -1,65 +0,0 @@
-/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved.
- * iSulad licensed under the Mulan PSL v2.
- * You can use this software according to the terms and conditions of the Mulan PSL v2.
- * You may obtain a copy of Mulan PSL v2 at:
- *     http://license.coscl.org.cn/MulanPSL2
- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
- * PURPOSE.
- * See the Mulan PSL v2 for more details.
- * Author: liuxu
- * Create: 2024-11-20
- * Description: provide sandboxer sandbox class definition
- *********************************************************************************/
-#include "shim_sandbox.h"
-
-#include <unistd.h>
-#include <string>
-
-#include <isula_libutils/log.h>
-#include <isula_libutils/auto_cleanup.h>
-
-
-namespace sandbox {
-
-ShimSandbox::ShimSandbox(const std::string id, const std::string &rootdir, const std::string &statedir, const std::string name,
-                 const RuntimeInfo info, std::string netMode, std::string netNsPath, const runtime::v1::PodSandboxConfig sandboxConfig,
-                 const std::string image):Sandbox(id, rootdir, statedir, name, info, netMode,
-					 								  netNsPath, sandboxConfig, image)
-{
-}
-
-void ShimSandbox::LoadSandboxTasks()
-{
-}
-
-auto ShimSandbox::SaveSandboxTasks() -> bool
-{
-    return true;
-}
-
-auto ShimSandbox::AddSandboxTasks(sandbox_task *task) -> bool
-{
-    return true;
-}
-
-auto ShimSandbox::GetAnySandboxTasks() -> std::string
-{
-    return std::string("Nothing for shim.");
-}
-
-void ShimSandbox::DeleteSandboxTasks(const char *containerId)
-{
-}
-
-auto ShimSandbox::AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool
-{
-   return true;
-}
-
-void ShimSandbox::DeleteSandboxTasksProcess(const char *containerId, const char *execId)
-{
-}
-
-}
\ No newline at end of file
diff --git a/src/daemon/sandbox/shim/shim_sandbox.h b/src/daemon/sandbox/shim/shim_sandbox.h
deleted file mode 100644
index 82da0573..00000000
--- a/src/daemon/sandbox/shim/shim_sandbox.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved.
- * iSulad licensed under the Mulan PSL v2.
- * You can use this software according to the terms and conditions of the Mulan PSL v2.
- * You may obtain a copy of Mulan PSL v2 at:
- *     http://license.coscl.org.cn/MulanPSL2
- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
- * PURPOSE.
- * See the Mulan PSL v2 for more details.
- * Author: liuxu
- * Create: 2024-11-20
- * Description: provide shim sandbox class definition
- *********************************************************************************/
-
-#ifndef DAEMON_SANDBOX_SHIM_SANDBOX_H
-#define DAEMON_SANDBOX_SHIM_SANDBOX_H
-
-#include <string>
-#include <mutex>
-#include <google/protobuf/map.h>
-
-#include "read_write_lock.h"
-#include "sandbox_task.h"
-#include "sandbox.h"
-
-namespace sandbox {
-
-class ShimSandbox : public Sandbox {
-public:
-    ShimSandbox(const std::string id, const std::string &rootdir, const std::string &statedir, const std::string name = "",
-            const RuntimeInfo info = {"", "", ""}, std::string netMode = DEFAULT_NETMODE, std::string netNsPath = "",
-            const runtime::v1::PodSandboxConfig sandboxConfig = runtime::v1::PodSandboxConfig::default_instance(),
-            const std::string image = "");
-    virtual ~ShimSandbox() = default;
-
-    // for sandbox api update
-    void LoadSandboxTasks() override;
-    auto SaveSandboxTasks() -> bool override;
-    auto AddSandboxTasks(sandbox_task *task) -> bool override;
-    auto GetAnySandboxTasks() -> std::string override;
-    void DeleteSandboxTasks(const char *containerId) override;
-    auto AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool override;
-    void DeleteSandboxTasksProcess(const char *containerId, const char *execId) override;
-};
-
-} // namespace sandbox
-
-#endif // DAEMON_SANDBOX_SHIM_SANDBOX_H
\ No newline at end of file
--
2.23.0