diff --git a/src/xz/sandbox.c b/src/xz/sandbox.c
index 5a12f69b..1802f8db 100644
--- a/src/xz/sandbox.c
+++ b/src/xz/sandbox.c
@@ -319,7 +319,7 @@ sandbox_enable_strict_if_allowed(
 
 	// If not reading from stdin, remove all capabilities from it.
 	if (src_fd != STDIN_FILENO && cap_rights_limit(
-			STDIN_FILENO, cap_rights_clear(&rights)))
+			STDIN_FILENO, cap_rights_init(&rights)))
 		goto error;
 
 	if (cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights,
diff --git a/src/xzdec/xzdec.c b/src/xzdec/xzdec.c
index d281e071..491707cc 100644
--- a/src/xzdec/xzdec.c
+++ b/src/xzdec/xzdec.c
@@ -316,7 +316,7 @@ sandbox_enter(int src_fd)
 
 	// If not reading from stdin, remove all capabilities from it.
 	if (src_fd != STDIN_FILENO && cap_rights_limit(
-			STDIN_FILENO, cap_rights_clear(&rights)))
+			STDIN_FILENO, cap_rights_init(&rights)))
 		goto error;
 
 	if (cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights,