comparison with other stored security state mechanisms [was: Re: Sharing Trust Policy between Crypto Libraries]

Gabor Toth tg at tgbit.net
Mon Jan 14 14:55:46 PST 2013


>>>>> On Mon, 14 Jan 2013 15:21:24 -0500, Simo Sorce <simo at redhat.com> said:

> On Mon, 2013-01-14 at 20:50 +0100, Gabor Toth wrote:
>> As for the actual implementation of the database, one option is
>> SQLite, which already implements a proper locking scheme for shared
>> access across many applications, to facilitate frequent read/write
>> operations. PKCS#11 would be another option, but not sure how
>> libraries implementing it handle shared access. How does p11-kit
>> handle this?

> You can't use SQLite across different user process boundaries, so if
> you want to do this 'system wide', it is off (and anything that relies
> on collaborative locking like fcntl locks).

In order to make it really multi-user, a system-wide daemon process could
handle the database, and applications would communicate with this process.

-tg
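
The daemon arrangement suggested in the message above, as an added sketch that is not part of the original message or of any p11-glue code: one process is the only opener of the SQLite file, and clients send it requests over an AF_UNIX socket. The table layout, the JSON line protocol, the per-uid rows, the use of Linux `SO_PEERCRED` and all names here are assumptions made for illustration.

```python
import json, socket, sqlite3, struct

class PolicyDaemon:
    """Sole opener of the SQLite file; clients never touch it or its locks."""
    def __init__(self, path=":memory:"):  # in-memory only for this demo
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS trust (uid INTEGER, "
                        "fingerprint TEXT, policy TEXT, "
                        "PRIMARY KEY (uid, fingerprint))")

    @staticmethod
    def peer_uid(conn):
        # Linux SO_PEERCRED: kernel-supplied (pid, uid, gid) of the peer.
        raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                              struct.calcsize("iII"))
        return struct.unpack("iII", raw)[1]

    def serve_one(self, conn):
        uid = self.peer_uid(conn)  # identity comes from the kernel, not the request
        try:
            req = json.loads(conn.makefile("r").readline())
            op, fp = req["op"], req["fingerprint"]
            if op == "set":
                self.db.execute("INSERT OR REPLACE INTO trust VALUES (?, ?, ?)",
                                (uid, fp, req["policy"]))
                self.db.commit()
                reply = {"ok": True}
            elif op == "get":
                row = self.db.execute(
                    "SELECT policy FROM trust WHERE uid = ? AND fingerprint = ?",
                    (uid, fp)).fetchone()
                reply = {"ok": True, "policy": row[0] if row else None}
            else:
                reply = {"ok": False, "error": "unknown op"}
        except (ValueError, KeyError, TypeError, sqlite3.Error):
            reply = {"ok": False, "error": "bad request"}
        conn.sendall((json.dumps(reply) + "\n").encode())

def request(daemon, msg):
    """Demo transport: a socketpair stands in for the daemon's listening socket."""
    client, server = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with client, server:
        client.sendall((json.dumps(msg) + "\n").encode())
        daemon.serve_one(server)
        return json.loads(client.makefile("r").readline())
```

Because the daemon serialises all database access itself, no client needs write permission on the file or has to take part in fcntl locking.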

