libffi prevents p11-kit from being usable with selinux
Stef Walter
stefw at redhat.com
Tue Sep 22 07:49:09 PDT 2015
On 22.09.2015 16:47, Nikos Mavrogiannopoulos wrote:
> On Tue, 2015-09-22 at 16:19 +0200, Stef Walter wrote:
>
>>> I've tried with avoiding the tmpdir in libffi, and have the same
>>> issue
>>> with executable memory. So I think we are at this point...
>> That would place a static limit on the amount of callers of any
>> "managed" PKCS#11 modules in p11-kit. What is the number you think is
>> appropriate to limit that to to in a single process?
>
> Any number will be arbitrary, but I think that a number like 64 modules
> seems enough. It is quite excessive but that would avoid issues with
> overflowing any time soon.
So if you have 8 modules on your system ... then that would mean 8 calls
to p11_kit_load_modules() per process.
Stef
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freedesktop.org/archives/p11-glue/attachments/20150922/c0329400/attachment.sig>
More information about the p11-glue
mailing list