p11-kit: Remove the 'isolated' option for now
authorStef Walter <stefw@redhat.com>
Wed, 1 Oct 2014 15:14:50 +0000 (17:14 +0200)
committerStef Walter <stefw@redhat.com>
Wed, 1 Oct 2014 15:14:50 +0000 (17:14 +0200)
This option was not completed in time, and as implemented suffers
from limitations that the module is not really completely isolated
as it still runs under the same user id as the calling process.

doc/manual/p11-kit-sharing.xml
doc/manual/pkcs11.conf.xml
p11-kit/modules.c

index 95dd8659b2cc01e7e598c2b4c76b958e9cac6c3b..8be305713625d824d7e50a4b00e84f64b0b4dfd0 100644 (file)
                        module configuration option.</para>
                </listitem>
                <listitem>
-                       <para>Managed modules have the ability to be isolated in their own process
-                       See the <link linkend="option-isolated"><literal>isolated = yes</literal></link>
+                       <para>Managed modules have the ability to be remoted to another machine or
+                       isolated in their own process.
+                       See the <link linkend="option-remote"><literal>remote = ...</literal></link>
                        module configuration option.</para>
                </listitem>
                </itemizedlist>
index 86c8fcbd4d024c25e96996996f3908d21033ceaa..16e6cb23f8f0de6fc4a8e54c8dc6ea95edbd368b 100644 (file)
@@ -131,14 +131,6 @@ x-custom : text
                        not present, then any process will load the module.</para>
                </listitem>
        </varlistentry>
-       <varlistentry id="option-isolated">
-               <term><option>isolated:</option></term>
-               <listitem>
-                       <para>Set to <literal>yes</literal> to run this PKCS#11 module in its own
-                       process. This is a simple way to set the <option>remote</option> to
-                       accomplish the same thing.</para>
-               </listitem>
-       </varlistentry>
        <varlistentry>
                <term><option>managed:</option></term>
                <listitem>
@@ -162,7 +154,7 @@ x-custom : text
                        alphabetically.</para>
                </listitem>
        </varlistentry>
-       <varlistentry>
+       <varlistentry id="option-remote">
                <term><option>remote:</option></term>
                <listitem>
                        <para>Instead of loading the PKCS#11 module locally, run the module
@@ -173,6 +165,7 @@ x-custom : text
 <programlisting>
 remote: |ssh user@remote p11-kit remote /path/to/module.so
 </programlisting>
+                       <para>Other forms of remoting will appear in later p11-kit releases.</para>
                </listitem>
        </varlistentry>
        <varlistentry>
index bc6f768569ea3d49650629e70dfd9770d405f1f1..8aaa769b02553b4bcd624ea12c028527e9c145ba 100644 (file)
@@ -486,7 +486,6 @@ take_config_and_load_module_inlock (char **name,
        const char *remote = NULL;
        char *value = NULL;
        CK_RV rv = CKR_OK;
-       bool isolated;
        Module *mod;
 
        assert (name);
@@ -506,18 +505,6 @@ take_config_and_load_module_inlock (char **name,
                }
        }
 
-       /* The 'isolated' setting is just a simple way to configure remote */
-       isolated = _p11_conf_parse_boolean (p11_dict_get (*config, "isolated"), false);
-       if (isolated) {
-               if (remote) {
-                       p11_message ("ignoring 'isolated' on module '%s' because 'remote' is set", *name);
-               } else {
-                       if (asprintf (&value, "|" BINDIR "/p11-kit remote '%s'", filename) < 0)
-                               return_val_if_reached (CKR_DEVICE_ERROR);
-                       remote = value;
-               }
-       }
-
        if (remote != NULL) {
                rv = setup_module_for_remote_inlock (*name, remote, &mod);
                if (rv != CKR_OK)
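Review bot: With the `isolated` block gone, nothing in the visible part of take_config_and_load_module_inlock reads that key any more, so a module config that still carries `isolated: yes` appears to fall through to ordinary in-process loading with no diagnostic. Because the setting expressed a containment intent, I would report it rather than drop it silently, for example `if (p11_dict_get (*config, "isolated")) p11_message ("ignoring unsupported 'isolated' option on module '%s'", *name);` placed just before the `if (remote != NULL)` check. Whether a warning is enough or the load should be refused is a policy decision for the maintainers. The function starts and ends outside this hunk, so it is also worth confirming that `value` is still needed now that the only visible assignment to it has been removed.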