summaryrefslogtreecommitdiff
path: root/p11-kit
diff options
context:
space:
mode:
authorStef Walter <stefw@redhat.com>2014-10-01 17:14:50 +0200
committerStef Walter <stefw@redhat.com>2014-10-01 17:14:50 +0200
commitd3505c2b556b859e1a14062579fd67ec2ab25435 (patch)
tree7ce15d624a715d1fc96b8dd3a3b63fee4abf49cd /p11-kit
parentc41e0e1d9a4a9a4533bc6f370e5eebe1d6b9752c (diff)
p11-kit: Remove the 'isolated' option for now
This option was not completed in time, and as implemented suffers from limitations that the module is not really completely isolated as it still runs under the same user id as the calling process.
Diffstat (limited to 'p11-kit')
-rw-r--r--p11-kit/modules.c13
1 files changed, 0 insertions, 13 deletions
diff --git a/p11-kit/modules.c b/p11-kit/modules.c
index bc6f768..8aaa769 100644
--- a/p11-kit/modules.c
+++ b/p11-kit/modules.c
@@ -486,7 +486,6 @@ take_config_and_load_module_inlock (char **name,
const char *remote = NULL;
char *value = NULL;
CK_RV rv = CKR_OK;
- bool isolated;
Module *mod;
assert (name);
@@ -506,18 +505,6 @@ take_config_and_load_module_inlock (char **name,
}
}
- /* The 'isolated' setting is just a simple way to configure remote */
- isolated = _p11_conf_parse_boolean (p11_dict_get (*config, "isolated"), false);
- if (isolated) {
- if (remote) {
- p11_message ("ignoring 'isolated' on module '%s' because 'remote' is set", *name);
- } else {
- if (asprintf (&value, "|" BINDIR "/p11-kit remote '%s'", filename) < 0)
- return_val_if_reached (CKR_DEVICE_ERROR);
- remote = value;
- }
- }
-
if (remote != NULL) {
rv = setup_module_for_remote_inlock (*name, remote, &mod);
if (rv != CKR_OK)