Index: usr.bin/bsdiff/bspatch/bspatch.c
===================================================================
--- usr.bin/bsdiff/bspatch/bspatch.c
+++ usr.bin/bsdiff/bspatch/bspatch.c
@@ -156,9 +156,6 @@
 atexit(exit_cleanup);
 
 #ifndef WITHOUT_CAPSICUM
- if (cap_enter() < 0)
- err(1, "failed to enter security sandbox");
-
 cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT, CAP_SEEK);
 cap_rights_init(&rights_wr, CAP_WRITE);
 cap_rights_init(&rights_dir, CAP_UNLINKAT);
@@ -172,6 +169,9 @@
 cap_rights_limit(dirfd, &rights_dir) < 0)
 err(1, "cap_rights_limit() failed, could not restrict"
 " capabilities");
+
+ if (cap_enter() < 0)
+ err(1, "failed to enter security sandbox");
 #endif
 
 /*
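Review bot: The relocated `cap_enter()` check in the second hunk treats every failure as fatal, so on a kernel built without capability mode, where cap_enter(2) fails with ENOSYS, bspatch would exit rather than run unsandboxed. Failing closed may be the intent, but the choice should be explicit. If degrading is wanted, the test becomes `if (cap_enter() < 0 && errno != ENOSYS)`, which needs `<errno.h>` (its inclusion is not visible here), and the `cap_rights_limit()` check just above it presumably needs the same handling. A comment above the call such as `/* Enter capability mode only after every descriptor has been opened and limited. */` would also help, because the reason for the new ordering is not evident from the code. The enclosing function starts and ends outside the hunk.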