libffi prevents p11-kit from being usable with selinux
nmav at redhat.com
Tue Sep 22 07:47:55 PDT 2015
On Tue, 2015-09-22 at 16:19 +0200, Stef Walter wrote:
> > I've tried with avoiding the tmpdir in libffi, and have the same
> > issue
> > with executable memory. So I think we are at this point...
> That would place a static limit on the amount of callers of any
> "managed" PKCS#11 modules in p11-kit. What is the number you think is
> appropriate to limit that to to in a single process?
Any number will be arbitrary, but I think that a number like 64 modules
seems enough. It is quite excessive but that would avoid issues with
overflowing any time soon.
More information about the p11-glue