Hello,

On Fri, Oct 24, 2025 at 11:15:37AM -0600, Theo de Raadt wrote:
> Would it be unreasonable for pfctl_restore_limits() to close(dev) and then
> dev = -1?
> 
> Then the one-shot behaviour is encoded in the function.
> 
> It is still a bad idea to double-register it, tho.  The existing
> logic is suspicious.
> 

    I've just committed the diff which got OK from bluhm. I think it's
    good enough. The static variable `restore_limit_handler_armed` serves
    two purposes:
        - makes pfctl_restore_limits() act as one-shot (if it is invoked via
          atexit() only, which is the case currently)
        - prevents pfctl(8) from registering more than one atexit handler
    Maybe someone will find a way which will avoid the atexit handler completely.

thanks and
regards
sashan
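
The guard pattern described in this message, as an added example that is not pfctl's code or the committed diff: one static flag makes an exit handler one-shot and refuses a second atexit() registration. All names and values here (`handler_armed`, `arm_restore_handler()`, `set_limit()`, the limit numbers) are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names and constructed values; not pfctl's source. */
static int handler_armed;		/* 1 while a restore is pending */
static int restore_calls;		/* times the restore body really ran */
static int saved_limit = 1000;		/* value to put back on exit */
static int current_limit = 1000;

/* Exit handler: puts the saved limit back at most once. */
static void
restore_limits(void)
{
	if (!handler_armed)
		return;			/* already ran, or never armed */
	handler_armed = 0;		/* disarm before doing the work */
	current_limit = saved_limit;
	restore_calls++;
}

/* Returns 1 if registered now, 0 if already armed, -1 if atexit() failed. */
static int
arm_restore_handler(void)
{
	if (handler_armed)
		return 0;		/* no second registration */
	if (atexit(restore_limits) != 0)
		return -1;
	handler_armed = 1;
	return 1;
}

/* Changes the limit; the first change arms the restore handler. */
static int
set_limit(int value)
{
	int r = arm_restore_handler();

	if (r != -1)
		current_limit = value;
	return r;
}

int
main(void)
{
	printf("first change armed: %d\n", set_limit(5000));
	printf("second change armed: %d\n", set_limit(9000));
	return 0;			/* restore_limits() runs once at exit */
}
```

The flag only prevents double registration while the handler has not yet fired; calling the handler directly clears the flag, which is why the message qualifies the guarantee with "if it is invoked via atexit() only".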
