make agent listen on unix socket instead of all devices

[dcmiddle]

Occlum needs to add support for Unix Domain Sockets
Once that is added, update the agent...

Update src/enclave-agent/Cargo.toml to use upstream ttrpc instead of haosanzi's branch

ttrpc = { git = "https://github.com/haosanzi/ttrpc-rust", features = ["async"] }

Fix TODO comment in agent src/enclave-agent/src/main.rs
// TODO: will replace with unix socket
const SOCK_ADDR: &str = "tcp://0.0.0.0:7788";

[ariel-adam]

@dcmiddle is this issue still relevant or can be closed?
If it's still relevant to what release do you think we should map it to (mid-November, end-December, mid-February etc...)?

[dcmiddle]

target for after occlum 1.0 release at end of calendar year. This is a security enhancement and does not block current release features.

[hairongchen]

one thing related is k8s needs liveness and readiness probe to determining the status of the container, will the agent in the future need to respond to these checks in addition to app specific liveness and readiness checks?

[mythi]

one thing related is k8s needs liveness and readiness probe to determining the status of the container, will the agent in the future need to respond to these checks in addition to app specific liveness and readiness checks?

no. the agent is opaque to kubernetes

[hairongchen]

nevertheless, though all considered infra structure containers, but not like pause container, agent enclave container has a running process, runtime still has the responsibility to make sure the enclave-agent is healthy and functional and take action upon agent process failure.

[mythi]

one additional thing that needs fixing here is: each pod gets a unique socket. currently, when running several pods they all have an agent that listen to the same address/port in the host network namespace