A Taste of Capsicum: Practical Capabilities For Unix
Capsicum is a lightweight operating system capability and sandbox framework planned for inclusion in FreeBSD 9. Capsicum extends, rather than replaces, UNIX APIs, providing new kernel primitives and a userspace sandbox API. These tools support decomposition of monolithic UNIX applications into compartmentalized logical applications.
