From d3505c2b556b859e1a14062579fd67ec2ab25435 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Wed, 1 Oct 2014 17:14:50 +0200 Subject: p11-kit: Remove the 'isolated' option for now This option was not completed in time, and as implemented suffers from limitations that the module is not really completely isolated as it still runs under the same user id as the calling process. --- p11-kit/modules.c | 13 ------------- 1 file changed, 13 deletions(-) (limited to 'p11-kit') diff --git a/p11-kit/modules.c b/p11-kit/modules.c index bc6f768..8aaa769 100644 --- a/p11-kit/modules.c +++ b/p11-kit/modules.c @@ -486,7 +486,6 @@ take_config_and_load_module_inlock (char **name, const char *remote = NULL; char *value = NULL; CK_RV rv = CKR_OK; - bool isolated; Module *mod; assert (name); @@ -506,18 +505,6 @@ take_config_and_load_module_inlock (char **name, } } - /* The 'isolated' setting is just a simple way to configure remote */ - isolated = _p11_conf_parse_boolean (p11_dict_get (*config, "isolated"), false); - if (isolated) { - if (remote) { - p11_message ("ignoring 'isolated' on module '%s' because 'remote' is set", *name); - } else { - if (asprintf (&value, "|" BINDIR "/p11-kit remote '%s'", filename) < 0) - return_val_if_reached (CKR_DEVICE_ERROR); - remote = value; - } - } - if (remote != NULL) { rv = setup_module_for_remote_inlock (*name, remote, &mod); if (rv != CKR_OK) -- cgit v1.1