libffi prevents p11-kit from being usable with selinux
stefw at redhat.com
Wed Sep 23 07:20:43 PDT 2015
On 23.09.2015 13:41, Nikos Mavrogiannopoulos wrote:
> On Tue, 2015-09-22 at 16:19 +0200, Stef Walter wrote:
>> On 22.09.2015 11:55, Nikos Mavrogiannopoulos wrote:
>>> On Mon, 2015-09-21 at 15:12 +0200, Stef Walter wrote:
>>>> Several functions (such as CloseAllSessions()) in PKCS#11 act
>>>> By returning a different closure for those function pointers to
>>>> caller, we can scope those effects. We don't do this only in the
>>>> module, but throughout the PKCS#11 API.
>>>> The following functions are routinely wrapped in a closure:
>>>> In addition, if things like remoting or logging are enabled, then
>>>> all functions are wrapped ... so their arguments can be remoted
>>>> or logged respectively.
> I'm wondering, what if we treat a failure of libffi to initialize the
> same as when WITH_FFI is not defined? That way we wouldn't get all
> features but the basic stuff that apache could work. What do you think,
> could that work? Is it worth a try?
What is calling p11-kit in the apache case? Could it just ask for
P11_KIT_UNMANAGED modules? That would avoid the issue here, I think.