xz: Capsicum sandbox: Fix incorrect use of cap_rights_clear()
cap_rights_clear() with no additional arguments acts as a no-op, so
instead of removing all capability rights from STDIN_FILENO, the same
rights were allowed for STDIN_FILENO as were allowed for src_fd.
Co-authored-by: Guillaume Outters <guillaume-installs@outters.eu>
Fixes: fd56d5353360 ("xz: Make Capsicum sandbox more strict with stdin and stdout.")
(The commit message says "stdout". It should have said "stderr".)
(based on commit
5cc2e479eb447a444f5ab005fc36b7f275c75eb5)
projects / thirdparty / xz.git / commit
