libffi prevents p11-kit from being usable with selinux

Stef Walter stefw at
Tue Sep 22 07:49:09 PDT 2015

On 22.09.2015 16:47, Nikos Mavrogiannopoulos wrote:
> On Tue, 2015-09-22 at 16:19 +0200, Stef Walter wrote:
>>> I've tried with avoiding the tmpdir in libffi, and have the same
>>> issue
>>> with executable memory. So I think we are at this point... 
>> That would place a static limit on the amount of callers of any
>> "managed" PKCS#11 modules in p11-kit. What is the number you think is
>> appropriate to limit that to to in a single process?
> Any number will be arbitrary, but I think that a number like 64 modules
> seems enough. It is quite excessive but that would avoid issues with
> overflowing any time soon.

So if you have 8 modules on your system ... then that would mean 8 calls
to p11_kit_load_modules() per process.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the p11-glue mailing list