patch: isolate a pkcs11 module

Stef Walter stefw at redhat.com
Tue Nov 11 05:09:58 PST 2014


On 11.11.2014 10:36, Nikos Mavrogiannopoulos wrote:
> On Mon, 2014-11-10 at 11:41 +0100, Stef Walter wrote:
> 
>> +int       p11_kit_server          (int argc, +
>> char *argv[]); Because things like SELinux and AppArmor
>> would want to treat the server differently, we should make it run
>> in a separate process. You can see how this was done for 'p11-kit
>> remote'.
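
Review bot: the added `p11_kit_server (int argc, char *argv[])` prototype carries no comment saying what the `int` result means (a process exit status or an error code) or whether the call blocks for the lifetime of the server. A short comment above the declaration stating the return convention would make the entry point usable without reading its body.
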
> 
> I think it would make more sense to separate it from the p11-kit
> binary completely.
> 
>> This sorta thing should go into common/compat.[ch]. Ideally it
>> would be broken out as a separate commit.
>> 
>> I'm uncomfortable with libraries changing signal handlers like
>> this. It would be better to put all such logic into the actual
>> binary of the server. What is missing from
>> p11_kit_remote_serve_module() to enable that?
> 
> These are used by the server only. If they are included in the
> library, that is not intentional. I'll see to separate them.
> 
>> +		if (!p11_rpc_server_handle (name, &virt->funcs, buffer,
>> buffer)) { +			p11_message ("unexpected error handling rpc
>> message"); +			goto out; +		} This means we cannot handle
>> multi-threading in the PKCS#11 client. Is this expected? Is it a
>> limitation of your first round implementation? Do you plan to
>> address it later? I think that 'p11-kit remote' has a similar
>> issue outstanding. Any thoughts here?
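
Review bot: the call `p11_rpc_server_handle (name, &virt->funcs, buffer, buffer)` passes the same `buffer` in both of its last two argument positions, and nothing in the hunk says that reuse is intended. If those are the request and the response, a comment stating that the reply overwrites the request in place would help, and any lock added for multi-threaded clients would then have to cover the whole read, handle, write cycle on that one buffer. The `p11_message` text on the failure path would also be easier to act on if it included `name`.
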
> 
> True. I based it on that code so the limitations are shared. That's
> a pretty serious limitation and it's nice you spotted it. As far as
> I understand they can be done thread safe by a mutex.

I have some unfinished server mainloop code here. In case it's helpful:

http://cgit.freedesktop.org/p11-glue/p11-kit/commit/?h=wip/rpc-layer

Stef




More information about the p11-glue mailing list