From 940b03cef2ed31aef1c8dfd7d25fa74145311fd7 Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Mon, 16 Jun 2014 11:19:40 -0700
Subject: [PATCH] [master] release seccomp context when finished

---
 bin/named/main.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/bin/named/main.c b/bin/named/main.c
index 266d84fb36..2e2f67b7d3 100644
--- a/bin/named/main.c
+++ b/bin/named/main.c
@@ -814,12 +814,17 @@ setup_seccomp() {
 		isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
 			      NS_LOGMODULE_MAIN, ISC_LOG_WARNING,
 			      "libseccomp unable to load filter");
-		return;
+	} else {
+		isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+			      NS_LOGMODULE_MAIN, ISC_LOG_NOTICE,
+			      "libseccomp sandboxing active");
 	}
 
-	isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
-		      NS_LOGMODULE_MAIN, ISC_LOG_NOTICE,
-		      "libseccomp sandboxing active");
+	/*
+	 * Release filter in ctx. Filters already loaded are not
+	 * affected.
+	 */
+	seccomp_release(ctx);
 }
 #endif /* HAVE_LIBSECCOMP */