From d648e178f1b3fa9f261b890157d2ee6e9e5e14fa Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Sun, 15 Apr 2018 22:12:51 +0200
Subject: [PATCH] seccomp: cleanup compat architecture handling

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 src/lxc/seccomp.c | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 60118852d..6a4f474c8 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -789,24 +789,36 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 		}
 	}
 
+	INFO("Merging compat seccomp contexts into main context");
 	if (compat_ctx[0]) {
-		INFO("Merging compat seccomp contexts into main context");
-		if (compat_arch[0] != native_arch && compat_arch[0] != seccomp_arch_native()) {
+		if ((compat_arch[0] != native_arch) &&
+		    (compat_arch[0] != seccomp_arch_native())) {
 			ret = seccomp_merge(conf->seccomp_ctx, compat_ctx[0]);
 			if (ret < 0) {
-				ERROR("Failed to merge first compat seccomp context into main context");
+				ERROR("Failed to merge first compat seccomp "
+				      "context into main context");
 				goto bad;
 			}
 			TRACE("Merged first compat seccomp context into main context");
+		} else {
+			seccomp_release(compat_ctx[0]);
+			compat_ctx[0] = NULL;
 		}
+	}
 
-		if (compat_arch[1] && compat_arch[1] != native_arch && compat_arch[1] != seccomp_arch_native()) {
+	if (compat_ctx[1]) {
+		if ((compat_arch[1] != native_arch) &&
+		    (compat_arch[1] != seccomp_arch_native())) {
 			ret = seccomp_merge(conf->seccomp_ctx, compat_ctx[1]);
 			if (ret < 0) {
-				ERROR("Failed to merge first compat seccomp context into main context");
+				ERROR("Failed to merge first compat seccomp "
+				      "context into main context");
 				goto bad;
 			}
 			TRACE("Merged second compat seccomp context into main context");
+		} else {
+			seccomp_release(compat_ctx[1]);
+			compat_ctx[1] = NULL;
 		}
 	}