how to use seccomp_release libseccomp?

Question

Should I release the filter also after seccomp_load() is called? Or only if some of the calls to seccomp_rule_add() fails?

For example

OPTION1

r = seccomp_rule_add(...)
if r < 0 seccomp_relase(...)
r =seccomp_rule_add(...)
if r < 0 seccomp_relase(...)

seccomp_load(...)

OPTION2

r = seccomp_rule_add(...)
if r < 0 seccomp_relase(...)
r =seccomp_rule_add(...)
if r < 0 seccomp_relase(...)

seccomp_load(...)
seccomp_release(...)

Answer 1

Should I release the filter also after seccomp_load() is called?

Yes, you should always release that state once you're finished with it. See the seccomp_load manpage for an example code. Filters loaded in the kernel will remain active.