Customized for TEE&Occlum

[NKcqx]

Why are these changes needed?

In TEE(Trusted Execution Environment), there are some security-related restriction in OS level, like: No /dev/shm, fork system call is banned, etc., in which running a normal application may encounter problems like crash, hanging... Therefore, some customized patches are needed in order to run Ray inside TEE.

1. fork -> vfork& posix_spawn;
2. replace sharing memory by mmap from /dev/shm by directly passing physical memory address since Occlum allows cross process memory accessing;
3. remove operations that may access /proc/stat since occlum only support limited fields of processes in the file;
4. disable memory monitor (temporally workaround)
5. optional compiling & running

Related issue number

Checks

• [ ] I've signed off every commit(by using the -s flag, i.e., git commit -s) in this PR.
• [ ] I've run scripts/format.sh to lint the changes in this PR.
• [ ] I've included any doc changes needed for https://docs.ray.io/en/master/.
• [ ] I've made sure the tests are passing. Note that there might be a few flaky tests, see the recent failures at https://flakey-tests.ray.io/
• Testing Strategy
  • [ ] Unit tests
  • [ ] Release tests
  • [ ] This PR is not tested :(

[jovany-wang]

Is it possible to add a unit test for running ray in Occlum?

[jovany-wang]

@zhouaihui @ian-huu @miluoalbert CC

[jovany-wang]

Let us build the ENABLE_TEE=true to occlum image by default? so that if it's a occlum image, that env works by default, without any manually exporting.

[NKcqx]

Is it possible to add a unit test for running ray in Occlum?

Data transmission is done by passing a physical mem address in Occlum, this behavior will incur crashes in many stages, e.g. ray.init, outside the Occlum container. Therefore, no particular interesting tests.