libffi prevents p11-kit from being usable with selinux
stefw at redhat.com
Tue Sep 22 07:49:09 PDT 2015
On 22.09.2015 16:47, Nikos Mavrogiannopoulos wrote:
> On Tue, 2015-09-22 at 16:19 +0200, Stef Walter wrote:
>>> I've tried with avoiding the tmpdir in libffi, and have the same
>>> with executable memory. So I think we are at this point...
>> That would place a static limit on the amount of callers of any
>> "managed" PKCS#11 modules in p11-kit. What is the number you think is
>> appropriate to limit that to to in a single process?
> Any number will be arbitrary, but I think that a number like 64 modules
> seems enough. It is quite excessive but that would avoid issues with
> overflowing any time soon.
So if you have 8 modules on your system ... then that would mean 8 calls
to p11_kit_load_modules() per process.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 181 bytes
Desc: OpenPGP digital signature
More information about the p11-glue