Created attachment 1511522 [details] Patch to attempt to use fixed closures before calling libffi Description of problem: Calls to p11_virtual_wrap are creating and mmapping tmpfiles. Many programs that link p11-kit-proxy.so (directly or not) may not have SELinux permissions to create tmpfiles (or mmap them), leading to a series of violation reports, and the following errors logged: ffi_closure_alloc failed There are lots of "auto-generated" bugs from the SELinux violations, but I logged a specific one for certwatch (bug 1655619). Version-Release number of selected component (if applicable): p11-kit-0.23.14-1.fc29.x86_64 How reproducible: Whenever the function is called from a library or program that cannot create tmpfiles (eg. certwatch in crypto-utils or upsmon in nut-monitor) Additional info: This bug appears to be fixed upstream... I've attached the commit that fixes the problem (tested, does indeed fix the errors and SELinux violations)
*** Bug 1655619 has been marked as a duplicate of this bug. ***
p11-kit-0.23.14-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-8d6ee591d9
p11-kit-0.23.14-2.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-8d6ee591d9
p11-kit-0.23.14-2.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.