Should I release the filter also after seccomp_load() is called? Or only if some of the calls to seccomp_rule_add() fails?
For example
OPTION1
r = seccomp_rule_add(...)
if r < 0 seccomp_relase(...)
r =seccomp_rule_add(...)
if r < 0 seccomp_relase(...)
seccomp_load(...)
OPTION2
r = seccomp_rule_add(...)
if r < 0 seccomp_relase(...)
r =seccomp_rule_add(...)
if r < 0 seccomp_relase(...)
seccomp_load(...)
seccomp_release(...)
Should I release the filter also after
seccomp_load()is called?
Yes, you should always release that state once you're finished with it. See the seccomp_load manpage for an example code. Filters loaded in the kernel will remain active.