From 1da079b53da81a122f31dc8b2e9bf22e096f6ca6 Mon Sep 17 00:00:00 2001
From: Michael Santos <michael.santos@gmail.com>
Date: Sat, 7 Oct 2023 07:45:56 -0400
Subject: [PATCH] capsicum: close any unknown fd's

---
 src/restrict_process_capsicum.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/restrict_process_capsicum.c b/src/restrict_process_capsicum.c
index a86fae7..47e7626 100644
--- a/src/restrict_process_capsicum.c
+++ b/src/restrict_process_capsicum.c
@@ -52,6 +52,8 @@ int restrict_process_stdin(xmppipe_state_t *state) {
   if (fd < 0)
     return -1;
 
+  closefrom(fd+1);
+
   rl.rlim_cur = fd;
   rl.rlim_max = fd;