libffi prevents p11-kit from being usable with selinux
Nikos Mavrogiannopoulos
nmav at redhat.com
Tue Sep 22 02:55:48 PDT 2015
On Mon, 2015-09-21 at 15:12 +0200, Stef Walter wrote:
> Several functions (such as CloseAllSessions()) in PKCS#11 act globally.
> By returning a different closure for those function pointers to each
> caller, we can scope those effects. We don't do this only in the proxy
> module, but throughout the PKCS#11 API.
>
> The following functions are routinely wrapped in a closure:
>
> C_Initialize
> C_Finalize
> C_CloseAllSessions
> C_CloseSession
> C_OpenSession
>
> In addition, if things like remoting or logging are enabled, then all
> functions are wrapped ... so their arguments can be remoted or logged
> respectively.
[...]
> 2. We could precompile NNNN closures into the executable, and these
>    would be consumed as necessary. This is how p11-kit used to perform
>    this task. It's really horrible code ... but could be done as a last
>    resort ... and the code is in the git history.
I've tried avoiding the tmpdir in libffi, and have the same issue
with executable memory. So I think we are at this point...
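
Option 2 from the quoted message, a fixed pool of closures compiled into the binary so that no writable-and-executable memory is needed at run time, sketched as an added example. It is not p11-kit's code; the simplified types and the names `closure_acquire`, `closure_release`, `closed_count` and `POOL_SIZE` are assumptions made for illustration.

```c
#include <stddef.h>
/* Simplified stand-ins for CK_RV / CK_SLOT_ID (assumed; no pkcs11.h here). */
typedef unsigned long rv_t, slot_id_t;
typedef rv_t (*close_all_fn)(slot_id_t);
#define POOL_SIZE 4              /* the "NNNN" of the message, kept tiny */
#define NOT_INITIALIZED 0x190UL  /* value of CKR_CRYPTOKI_NOT_INITIALIZED */

/* Per-caller state bound to each precompiled closure (hypothetical). */
struct caller { int in_use; unsigned long closed; };
static struct caller pool[POOL_SIZE];

/* Shared body: the index says whose sessions are affected. */
static rv_t close_all_for(size_t idx, slot_id_t slot)
{
    (void)slot;
    if (!pool[idx].in_use)
        return NOT_INITIALIZED;
    pool[idx].closed++;  /* stand-in for closing only this caller's sessions */
    return 0;            /* CKR_OK */
}

/* One ordinary compiled function per entry: no run-time code generation. */
#define TRAMPOLINE(n) \
    static rv_t tramp_##n(slot_id_t s) { return close_all_for(n, s); }
TRAMPOLINE(0) TRAMPOLINE(1) TRAMPOLINE(2) TRAMPOLINE(3)
static const close_all_fn tramps[POOL_SIZE] = { tramp_0, tramp_1, tramp_2, tramp_3 };

/* Give each caller a distinct function pointer; NULL once the pool is used up. */
close_all_fn closure_acquire(void)
{
    for (size_t i = 0; i < POOL_SIZE; i++)
        if (!pool[i].in_use) {
            pool[i] = (struct caller){ 1, 0 };
            return tramps[i];
        }
    return NULL;
}

void closure_release(close_all_fn fn)
{
    for (size_t i = 0; i < POOL_SIZE; i++)
        if (tramps[i] == fn) pool[i].in_use = 0;
}

unsigned long closed_count(close_all_fn fn)
{
    for (size_t i = 0; i < POOL_SIZE; i++)
        if (tramps[i] == fn) return pool[i].closed;
    return 0;
}
```

The trade-off against libffi closures is the hard limit: once `POOL_SIZE` callers hold a closure, `closure_acquire` returns NULL until one is released.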