diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index dcf37447f4..44862983c1 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -44,13 +44,11 @@
 
 lxc_log_define(lxc_seccomp, lxc);
 
-static int parse_config_v1(FILE *f, struct lxc_conf *conf)
+static int parse_config_v1(FILE *f, char *line, size_t *line_bufsz, struct lxc_conf *conf)
 {
 	int ret = 0;
-	size_t line_bufsz = 0;
-	char *line = NULL;
 
-	while (getline(&line, &line_bufsz, f) != -1) {
+	while (getline(&line, line_bufsz, f) != -1) {
 		int nr;
 
 		ret = sscanf(line, "%d", &nr);
@@ -554,14 +552,12 @@ bool do_resolve_add_rule(uint32_t arch, char *line, scmp_filter_ctx ctx,
  * write
  * close
  */
-static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
+static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_conf *conf)
 {
 	int ret;
 	char *p;
 	enum lxc_hostarch_t cur_rule_arch, native_arch;
-	size_t line_bufsz = 0;
 	bool blacklist = false;
-	char *rule_line = NULL;
 	uint32_t default_policy_action = -1, default_rule_action = -1;
 	struct seccomp_v2_rule rule;
 	struct scmp_ctx_info {
@@ -736,7 +732,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 #endif
 	}
 
-	while (getline(&rule_line, &line_bufsz, f) != -1) {
+	while (getline(&line, line_bufsz, f) != -1) {
 		if (line[0] == '#')
 			continue;
 
@@ -1004,7 +1000,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 		}
 	}
 
-	free(rule_line);
+	free(line);
 	return 0;
 
 bad_arch:
@@ -1021,7 +1017,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 	if (ctx.contexts[2])
 		seccomp_release(ctx.contexts[2]);
 
-	free(rule_line);
+	free(line);
 
 	return -1;
 }
@@ -1042,7 +1038,8 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
  */
 static int parse_config(FILE *f, struct lxc_conf *conf)
 {
-	char line[MAXPATHLEN];
+	char *line = NULL;
+	size_t line_bufsz = 0;
 	int ret, version;
 
 	ret = fscanf(f, "%d\n", &version);
@@ -1051,25 +1048,29 @@ static int parse_config(FILE *f, struct lxc_conf *conf)
 		return -1;
 	}
 
-	if (!fgets(line, MAXPATHLEN, f)) {
+	if (getline(&line, &line_bufsz, f) == -1) {
 		ERROR("Invalid config file");
-		return -1;
+		goto bad_line;
 	}
 
 	if (version == 1 && !strstr(line, "whitelist")) {
 		ERROR("Only whitelist policy is supported");
-		return -1;
+		goto bad_line;
 	}
 
 	if (strstr(line, "debug")) {
 		ERROR("Debug not yet implemented");
-		return -1;
+		goto bad_line;
 	}
 
 	if (version == 1)
-		return parse_config_v1(f, conf);
+		return parse_config_v1(f, line, &line_bufsz, conf);
 
-	return parse_config_v2(f, line, conf);
+	return parse_config_v2(f, line, &line_bufsz, conf);
+
+bad_line:
+	free(line);
+	return -1;
 }
 
 /*