diff --git a/sandbox/sandbox-linux.cpp b/sandbox/sandbox-linux.cpp
index 4a17bd6..60a42ed 100644
--- a/sandbox/sandbox-linux.cpp
+++ b/sandbox/sandbox-linux.cpp
@@ -50,10 +50,11 @@ bool SandboxLinux::seccomp_blacklist(std::initializer_list<int> syscalls)
 		Logger::error() << "Failed to load seccomp filter";
 		return false;
 	}
+	seccomp_release(ctx);
 	return success;
 }
 
-bool SandboxLinux::bindMountPaths(std::string target_root, std::initializer_list<std::string> paths)
+bool SandboxLinux::bindMountPaths(std::string target_root, const std::vector<std::string> &paths)
 {
 	for(const std::string &path : paths)
 	{
@@ -68,7 +69,8 @@ bool SandboxLinux::bindMountPaths(std::string target_root, std::initializer_list
 			f1.open(chroot_target_path, std::ios::out);
 			f1.close();
 		}
-		else {
+	else
+	{
 			std::error_code ec;
 			//TODO: fails if the stuff already exists, but it shouldn't according to doc?
 			if(!std::filesystem::create_directories(chroot_target_path, ec))
@@ -79,8 +81,8 @@ bool SandboxLinux::bindMountPaths(std::string target_root, std::initializer_list
 
 			if(mount(path.c_str(), chroot_target_path.c_str(), NULL, MS_BIND, NULL) == -1)
 			{
-				Logger::error() << "Bind mount failed! " << strerror(errno);
-				return false;
+		Logger::error() << "Bind mount for " << path << " -> " << chroot_target_path << " failed! " << strerror(errno);
+		return false;
 			}
 		}
 
@@ -147,16 +149,14 @@ bool SandboxLinux::isolateNamespaces(std::vector<std::string> fsPaths)
 	}
 
 
-	for(std::string &path : fsPaths)
+	if(!bindMountPaths(rootpath, fsPaths ))
 	{
-		if(!bindMountPaths(rootpath, { path }))
-		{
-			Logger::error() << "Bind mount for " << path << " failed!";
-			return false;
-		}
-
+	Logger::error() << "Bind mounting paths failed!";
+	return false;
 	}
 
+
+
 	if(chroot(rootpath.c_str()) == -1)
 	{
 		Logger::error() << "chroot to sandbox failed!";
diff --git a/sandbox/sandbox-linux.h b/sandbox/sandbox-linux.h
index cd5d814..be10f8f 100644
--- a/sandbox/sandbox-linux.h
+++ b/sandbox/sandbox-linux.h
@@ -14,6 +14,6 @@ public:
 private :
 	bool isolateNamespaces(std::vector<std::string> fsPaths);
 	bool seccomp_blacklist(std::initializer_list<int> syscalls);
-	bool bindMountPaths(std::string target_root, std::initializer_list<std::string> paths);
+	bool bindMountPaths(std::string target_root, const std::vector<std::string> &paths);
 };
 #endif