Capsicum is a sandbox framework in the FreeBSD operating systems and it’s based on the capabilities concept. Programs running in a sandbox don’t have access to any global namespaces. For some applications this limitation could be too restraining. So how developers handle those exceptions with Capsicum?