From cae412b2b77d7fd88d187ed7659331709311f80d Mon Sep 17 00:00:00 2001
From: Lasse Collin <lasse.collin@tukaani.org>
Date: Wed, 1 Apr 2015 14:45:25 +0300
Subject: [PATCH] xz: Fix the Capsicum rights on user_abort_pipe.

---
 src/xz/file_io.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/xz/file_io.c b/src/xz/file_io.c
index 9eca6950..c01f4e8b 100644
--- a/src/xz/file_io.c
+++ b/src/xz/file_io.c
@@ -198,8 +198,12 @@ io_sandbox_enter(int src_fd)
 			CAP_WRITE, CAP_SEEK)))
 		goto error;
 
+	if (cap_rights_limit(user_abort_pipe[0], cap_rights_init(&rights,
+			CAP_EVENT)))
+		goto error;
+
 	if (cap_rights_limit(user_abort_pipe[1], cap_rights_init(&rights,
-			CAP_EVENT, CAP_WRITE)))
+			CAP_WRITE)))
 		goto error;
 
 	if (cap_enter())