diff --git a/src/main-misc.c b/src/main-misc.c
index fc95ad5d..7c5bae95 100644
--- a/src/main-misc.c
+++ b/src/main-misc.c
@@ -847,24 +847,31 @@ void run_sec_mod(main_server_st * s)
 {
 	int e;
 	pid_t pid;
-	char file[_POSIX_PATH_MAX];
 	const char *p;
 
 	/* make socket name */
 	snprintf(s->socket_file, sizeof(s->socket_file), "%s.%u",
 		 s->config->socket_file_prefix, (unsigned)getpid());
-	p = s->socket_file;
+
 	if (s->config->chroot_dir != NULL) {
-		snprintf(file, sizeof(file), "%s/%s.%u",
-			 s->config->chroot_dir, s->config->socket_file_prefix,
-			 (unsigned)getpid());
-		p = file;
+		snprintf(s->full_socket_file, sizeof(s->full_socket_file), "%s/%s",
+			 s->config->chroot_dir, s->socket_file);
+	} else {
+		snprintf(s->full_socket_file, sizeof(s->full_socket_file), "%s",
+			 s->socket_file);
 	}
+	p = s->full_socket_file;
 
 	pid = fork();
 	if (pid == 0) {		/* child */
 		clear_lists(s);
 		kill_on_parent_kill(SIGTERM);
+
+#ifdef HAVE_MALLOC_TRIM
+		/* try to return all the pages we've freed to
+		 * the operating system. */
+		malloc_trim(0);
+#endif
 		setproctitle(PACKAGE_NAME "-secmod");
 
 		sec_mod_server(s->config, p);
diff --git a/src/main.c b/src/main.c
index dc78968b..e09c332a 100644
--- a/src/main.c
+++ b/src/main.c
@@ -768,7 +768,8 @@ unsigned total = 10;
 	if (terminate != 0) {
 		mslog(s, NULL, LOG_DEBUG, "termination request received; waiting for children to die");
 		kill_children(s);
-		remove(s->socket_file);
+		remove(s->full_socket_file);
+		remove(s->config->occtl_socket_file);
 		remove_pid_file();
 
 		while (waitpid(-1, NULL, WNOHANG) == 0) {
diff --git a/src/main.h b/src/main.h
index 8855df05..2c699ce0 100644
--- a/src/main.h
+++ b/src/main.h
@@ -177,6 +177,7 @@ typedef struct main_server_st {
 	struct ban_list_st ban_list;
 	
 	char socket_file[_POSIX_PATH_MAX];
+	char full_socket_file[_POSIX_PATH_MAX];
 	pid_t sec_mod_pid;
 	
 	unsigned active_clients;