Document the SELinux issue with callbacks

author: Armin Rigo <arigo@tunes.org> 2015-11-14 19:44:01 +0100
committer: Armin Rigo <arigo@tunes.org> 2015-11-14 19:44:01 +0100
commit: 0ca8648baaffac075848c7a26e63d7221cca62b2 (patch)
tree: 4458aef97f994942977a51d2ee3e6b068b263f45 /doc/source/using.rst
parent: 122246b285717ccd5c5b6d4fe2b9bda2a113a2ea (diff)
download: cffi-0ca8648baaffac075848c7a26e63d7221cca62b2.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/doc/source/using.rst b/doc/source/using.rst
index f462164..0b3d363 100644
--- a/doc/source/using.rst
+++ b/doc/source/using.rst
@@ -514,6 +514,16 @@ directly as ``ffi.callback("int(int, int)", myfunc)``.  This is
 discouraged: using this a style, we are more likely to forget the
 callback object too early, when it is still in use.
 
+.. warning::
+    
+    **SELinux** requires that the setting ``deny_execmem`` is left to
+    its default setting of ``off`` to use callbacks.  A fix in cffi was
+    attempted (see the ``ffi_closure_alloc`` branch), but this branch is
+    not merged because it creates potential memory corruption with
+    ``fork()``.  For more information, `see here.`__
+
+.. __: https://bugzilla.redhat.com/show_bug.cgi?id=1249685
+
 *New in version 1.2:* If you want to be sure to catch all exceptions, use
 ``ffi.callback(..., onerror=func)``.  If an exception occurs and
 ``onerror`` is specified, then ``onerror(exception, exc_value,
author	Armin Rigo <arigo@tunes.org>	2015-11-14 19:44:01 +0100
committer	Armin Rigo <arigo@tunes.org>	2015-11-14 19:44:01 +0100
commit	0ca8648baaffac075848c7a26e63d7221cca62b2 (patch)
tree	4458aef97f994942977a51d2ee3e6b068b263f45 /doc/source/using.rst
parent	122246b285717ccd5c5b6d4fe2b9bda2a113a2ea (diff)
download	cffi-0ca8648baaffac075848c7a26e63d7221cca62b2.tar.gz