--- contrib/openbsm/etc/audit_event.orig +++ contrib/openbsm/etc/audit_event @@ -548,7 +548,7 @@ 43184:AUE_OPENAT:openat(2) - attr only:fa 43185:AUE_POSIX_OPENPT:posix_openpt(2):ip 43186:AUE_CAP_NEW:cap_new(2):fm -43187:AUE_CAP_GETRIGHTS:cap_getrights(2):fm +43187:AUE_CAP_RIGHTS_GET:cap_rights_get(2):fm 43188:AUE_CAP_ENTER:cap_enter(2):pc 43189:AUE_CAP_GETMODE:cap_getmode(2):pc 43190:AUE_POSIX_SPAWN:posix_spawn(2):pc --- lib/libc/include/compat.h.orig +++ lib/libc/include/compat.h @@ -42,6 +42,8 @@ __sym_compat(msgctl, freebsd7_msgctl, FBSD_1.0); __sym_compat(shmctl, freebsd7_shmctl, FBSD_1.0); +__sym_compat(cap_getrights, cap_rights_get, FBSD_1.2); + #undef __sym_compat #endif /* __LIBC_COMPAT_H__ */ --- lib/libc/sys/Makefile.inc.orig +++ lib/libc/sys/Makefile.inc @@ -93,7 +93,9 @@ bind.2 \ brk.2 \ cap_enter.2 \ - cap_new.2 \ + cap_fcntls_limit.2 \ + cap_ioctls_limit.2 \ + cap_rights_limit.2 \ chdir.2 \ chflags.2 \ chmod.2 \ @@ -270,7 +272,9 @@ access.2 faccessat.2 MLINKS+=brk.2 sbrk.2 MLINKS+=cap_enter.2 cap_getmode.2 -MLINKS+=cap_new.2 cap_getrights.2 +MLINKS+=cap_fcntls_limit.2 cap_fcntls_get.2 +MLINKS+=cap_ioctls_limit.2 cap_ioctls_get.2 +MLINKS+=cap_rights_limit.2 cap_rights_get.2 MLINKS+=chdir.2 fchdir.2 MLINKS+=chflags.2 fchflags.2 \ chflags.2 lchflags.2 --- lib/libc/sys/Symbol.map.orig +++ lib/libc/sys/Symbol.map @@ -364,7 +364,6 @@ cap_enter; cap_getmode; cap_new; - cap_getrights; getloginclass; pdfork; pdgetpid; @@ -379,6 +378,12 @@ }; FBSD_1.3 { + cap_fcntls_get; + cap_fcntls_limit; + cap_ioctls_get; + cap_ioctls_limit; + cap_rights_get; + cap_rights_limit; clock_getcpuclockid2; ffclock_getcounter; ffclock_getestimate; --- sys/bsm/audit_kevents.h.orig +++ sys/bsm/audit_kevents.h 
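Review bot: The new `__sym_compat(cap_getrights, cap_rights_get, FBSD_1.2);` line in compat.h turns the old `cap_getrights@FBSD_1.2` symbol into a bare alias of the `cap_rights_get` stub, with no compat wrapper behind it; that is only ABI-correct because both calls take `(int fd, uint64_t *rightsp)`, as the syscalls.master and sysproto.h hunks in this diff show. If `cap_rights_t` ever stops being a plain `uint64_t`, this alias will silently hand old binaries the wrong calling convention, so I would record the assumption next to the line: `/* cap_getrights@FBSD_1.2 is a pure alias: same (int, uint64_t *) ABI as cap_rights_get(2). */`. This entry also only works together with the Symbol.map hunk that drops `cap_getrights` from the FBSD_1.2 block, which this diff does.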
@@ -588,7 +588,7 @@
 #define AUE_OPENAT 43184 /* FreeBSD. */
 #define AUE_POSIX_OPENPT 43185 /* FreeBSD. */
 #define AUE_CAP_NEW 43186 /* TrustedBSD. */
-#define AUE_CAP_GETRIGHTS 43187 /* TrustedBSD. */
+#define AUE_CAP_RIGHTS_GET 43187 /* TrustedBSD. */
 #define AUE_CAP_ENTER 43188 /* TrustedBSD. */
 #define AUE_CAP_GETMODE 43189 /* TrustedBSD. */
 #define AUE_POSIX_SPAWN 43190 /* Darwin. */
--- sys/compat/freebsd32/freebsd32_syscall.h.orig
+++ sys/compat/freebsd32/freebsd32_syscall.h
@@ -416,7 +416,7 @@
 #define FREEBSD32_SYS_freebsd32_shmctl 512
 #define FREEBSD32_SYS_lpathconf 513
 #define FREEBSD32_SYS_cap_new 514
-#define FREEBSD32_SYS_cap_getrights 515
+#define FREEBSD32_SYS_cap_rights_get 515
 #define FREEBSD32_SYS_cap_enter 516
 #define FREEBSD32_SYS_cap_getmode 517
 #define FREEBSD32_SYS_freebsd32_pselect 522
--- sys/compat/freebsd32/freebsd32_syscalls.c.orig
+++ sys/compat/freebsd32/freebsd32_syscalls.c
@@ -538,7 +538,7 @@
 "freebsd32_shmctl", /* 512 = freebsd32_shmctl */
 "lpathconf", /* 513 = lpathconf */
 "cap_new", /* 514 = cap_new */
-"cap_getrights", /* 515 = cap_getrights */
+"cap_rights_get", /* 515 = cap_rights_get */
 "cap_enter", /* 516 = cap_enter */
 "cap_getmode", /* 517 = cap_getmode */
 "#518", /* 518 = pdfork */
--- sys/compat/freebsd32/freebsd32_sysent.c.orig
+++ sys/compat/freebsd32/freebsd32_sysent.c
@@ -575,7 +575,7 @@
 { AS(freebsd32_shmctl_args), (sy_call_t *)lkmressys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 512 = freebsd32_shmctl */
 { AS(lpathconf_args), (sy_call_t *)sys_lpathconf, AUE_LPATHCONF, NULL, 0, 0, 0, SY_THR_STATIC }, /* 513 = lpathconf */
 { AS(cap_new_args), (sy_call_t *)sys_cap_new, AUE_CAP_NEW, NULL, 0, 0, 0, SY_THR_STATIC }, /* 514 = cap_new */
- { AS(cap_getrights_args), (sy_call_t *)sys_cap_getrights, AUE_CAP_GETRIGHTS, NULL, 0, 0, 0, SY_THR_STATIC }, /* 515 = cap_getrights */
+ { AS(cap_rights_get_args), (sy_call_t *)sys_cap_rights_get, AUE_CAP_RIGHTS_GET, NULL, 0, 0, 0, SY_THR_STATIC }, /* 515 = cap_rights_get */
 { 0, (sy_call_t *)sys_cap_enter, AUE_CAP_ENTER, NULL, 0, 0, 0, SY_THR_STATIC }, /* 516 = cap_enter */
 { AS(cap_getmode_args), (sy_call_t *)sys_cap_getmode, AUE_CAP_GETMODE, NULL, 0, 0, 0, SY_THR_STATIC }, /* 517 = cap_getmode */
 { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 518 = pdfork */
--- sys/compat/freebsd32/freebsd32_systrace_args.c.orig
+++ sys/compat/freebsd32/freebsd32_systrace_args.c
@@ -2956,9 +2956,9 @@
 *n_args = 2;
 break;
 }
- /* cap_getrights */
+ /* cap_rights_get */
 case 515: {
- struct cap_getrights_args *p = params;
+ struct cap_rights_get_args *p = params;
 iarg[0] = p->fd; /* int */
 uarg[1] = (intptr_t) p->rightsp; /* uint64_t * */
 *n_args = 2;
@@ -8002,7 +8044,7 @@
 break;
 };
 break;
- /* cap_getrights */
+ /* cap_rights_get */
 case 515:
 switch(ndx) {
 case 0:
@@ -9938,7 +10051,7 @@
 if (ndx == 0 || ndx == 1)
 p = "int";
 break;
- /* cap_getrights */
+ /* cap_rights_get */
 case 515:
 if (ndx == 0 || ndx == 1)
 p = "int";
--- sys/compat/freebsd32/syscalls.master.orig
+++ sys/compat/freebsd32/syscalls.master
@@ -963,7 +963,7 @@ struct shmid_ds32 *buf); } 513 AUE_LPATHCONF NOPROTO { int lpathconf(char *path, int name); } 514 AUE_CAP_NEW NOPROTO { int cap_new(int fd, uint64_t rights); } -515 AUE_CAP_GETRIGHTS NOPROTO { int cap_getrights(int fd, \ +515 AUE_CAP_RIGHTS_GET NOPROTO { int cap_rights_get(int fd, \ uint64_t *rightsp); } 516 AUE_CAP_ENTER NOPROTO { int cap_enter(void); } 517 AUE_CAP_GETMODE NOPROTO { int cap_getmode(u_int *modep); } --- sys/kern/capabilities.conf.orig +++ sys/kern/capabilities.conf @@ -110,9 +110,14 @@ ## Allow capability mode and capability system calls. ## cap_enter +cap_fcntls_get +cap_fcntls_limit cap_getmode -cap_getrights +cap_ioctls_get +cap_ioctls_limit cap_new +cap_rights_get +cap_rights_limit ## ## Allow read-only clock operations. --- sys/kern/init_sysent.c.orig +++ sys/kern/init_sysent.c @@ -549,7 +549,7 @@ { AS(shmctl_args), (sy_call_t *)lkmressys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 512 = shmctl */ { AS(lpathconf_args), (sy_call_t *)sys_lpathconf, AUE_LPATHCONF, NULL, 0, 0, 0, SY_THR_STATIC }, /* 513 = lpathconf */ { AS(cap_new_args), (sy_call_t *)sys_cap_new, AUE_CAP_NEW, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 514 = cap_new */ - { AS(cap_getrights_args), (sy_call_t *)sys_cap_getrights, AUE_CAP_GETRIGHTS, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 515 = cap_getrights */ + { AS(cap_rights_get_args), (sy_call_t *)sys_cap_rights_get, AUE_CAP_RIGHTS_GET, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 515 = cap_rights_get */ { 0, (sy_call_t *)sys_cap_enter, AUE_CAP_ENTER, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 516 = cap_enter */ { AS(cap_getmode_args), (sy_call_t *)sys_cap_getmode, AUE_CAP_GETMODE, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 517 = cap_getmode */ { AS(pdfork_args), (sy_call_t *)sys_pdfork, AUE_PDFORK, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 518 = pdfork */ --- sys/kern/syscalls.c.orig +++ sys/kern/syscalls.c 
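Review bot: The six cap_* entries added to capabilities.conf go into the capability-mode allow-list without any note on why calls named `*_limit` are safe to expose to a sandboxed process; the list is only sound if the kernel refuses to let cap_rights_limit/cap_ioctls_limit/cap_fcntls_limit widen a descriptor's rights, and nothing in this file records that invariant. I would add, under the existing header comment, `## The cap_*_limit calls may only narrow a descriptor's rights, never widen them.` (with a TODO if that enforcement has not been confirmed), so anyone auditing this allow-list knows what it relies on. Separately, the freebsd32_sysent.c entries for cap_new/cap_rights_get/cap_enter/cap_getmode in this same diff carry `0` in the flags slot where init_sysent.c has `SYF_CAPENABLED`; if that 32-bit table is not generated from this file, 32-bit binaries may still be denied these calls in capability mode — worth confirming rather than assuming.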
@@ -522,7 +522,7 @@
 "shmctl", /* 512 = shmctl */
 "lpathconf", /* 513 = lpathconf */
 "cap_new", /* 514 = cap_new */
-"cap_getrights", /* 515 = cap_getrights */
+"cap_rights_get", /* 515 = cap_rights_get */
 "cap_enter", /* 516 = cap_enter */
 "cap_getmode", /* 517 = cap_getmode */
 "pdfork", /* 518 = pdfork */
--- sys/kern/syscalls.master.orig
+++ sys/kern/syscalls.master
@@ -917,7 +917,7 @@
 struct shmid_ds *buf); }
 513 AUE_LPATHCONF STD { int lpathconf(char *path, int name); }
 514 AUE_CAP_NEW STD { int cap_new(int fd, uint64_t rights); }
-515 AUE_CAP_GETRIGHTS STD { int cap_getrights(int fd, \
+515 AUE_CAP_RIGHTS_GET STD { int cap_rights_get(int fd, \
 uint64_t *rightsp); }
 516 AUE_CAP_ENTER STD { int cap_enter(void); }
 517 AUE_CAP_GETMODE STD { int cap_getmode(u_int *modep); }
--- sys/kern/systrace_args.c.orig
+++ sys/kern/systrace_args.c
@@ -3134,9 +3134,9 @@
 *n_args = 2;
 break;
 }
- /* cap_getrights */
+ /* cap_rights_get */
 case 515: {
- struct cap_getrights_args *p = params;
+ struct cap_rights_get_args *p = params;
 iarg[0] = p->fd; /* int */
 uarg[1] = (intptr_t) p->rightsp; /* uint64_t * */
 *n_args = 2;
@@ -8477,7 +8519,7 @@
 break;
 };
 break;
- /* cap_getrights */
+ /* cap_rights_get */
 case 515:
 switch(ndx) {
 case 0:
@@ -10556,7 +10669,7 @@
 if (ndx == 0 || ndx == 1)
 p = "int";
 break;
- /* cap_getrights */
+ /* cap_rights_get */
 case 515:
 if (ndx == 0 || ndx == 1)
 p = "int";
--- sys/security/audit/audit_bsm.c.orig
+++ sys/security/audit/audit_bsm.c
@@ -1609,13 +1608,25 @@ } break; - case AUE_CAP_GETRIGHTS: + case AUE_CAP_FCNTLS_GET: + case AUE_CAP_IOCTLS_GET: + case AUE_CAP_IOCTLS_LIMIT: + case AUE_CAP_RIGHTS_GET: if (ARG_IS_VALID(kar, ARG_FD)) { tok = au_to_arg32(1, "fd", ar->ar_arg_fd); kau_write(rec, tok); } break; + case AUE_CAP_FCNTLS_LIMIT: + FD_VNODE1_TOKENS; + if (ARG_IS_VALID(kar, ARG_FCNTL_RIGHTS)) { + tok = au_to_arg32(2, "fcntlrights", + ar->ar_arg_fcntl_rights); + kau_write(rec, tok); + } + break; + case AUE_CAP_ENTER: case AUE_CAP_GETMODE: break; --- sys/sys/syscall.h.orig +++ sys/sys/syscall.h @@ -435,7 +435,7 @@ #define SYS_shmctl 512 #define SYS_lpathconf 513 #define SYS_cap_new 514 -#define SYS_cap_getrights 515 +#define SYS_cap_rights_get 515 #define SYS_cap_enter 516 #define SYS_cap_getmode 517 #define SYS_pdfork 518 --- sys/sys/syscall.mk.orig +++ sys/sys/syscall.mk @@ -384,7 +384,7 @@ shmctl.o \ lpathconf.o \ cap_new.o \ - cap_getrights.o \ + cap_rights_get.o \ cap_enter.o \ cap_getmode.o \ pdfork.o \ --- sys/sys/sysproto.h.orig +++ sys/sys/sysproto.h @@ -1676,7 +1676,7 @@ char fd_l_[PADL_(int)]; int fd; char fd_r_[PADR_(int)]; char rights_l_[PADL_(uint64_t)]; uint64_t rights; char rights_r_[PADR_(uint64_t)]; }; -struct cap_getrights_args { +struct cap_rights_get_args { char fd_l_[PADL_(int)]; int fd; char fd_r_[PADR_(int)]; char rightsp_l_[PADL_(uint64_t *)]; uint64_t * rightsp; char rightsp_r_[PADR_(uint64_t *)]; }; @@ -2127,7 +2149,7 @@ int sys_shmctl(struct thread *, struct shmctl_args *); int sys_lpathconf(struct thread *, struct lpathconf_args *); int sys_cap_new(struct thread *, struct cap_new_args *); -int sys_cap_getrights(struct thread *, struct cap_getrights_args *); +int sys_cap_rights_get(struct thread *, struct cap_rights_get_args *); int sys_cap_enter(struct thread *, struct cap_enter_args *); int sys_cap_getmode(struct thread *, struct cap_getmode_args *); int sys_pdfork(struct thread *, struct pdfork_args *); 
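Review bot: AUE_CAP_IOCTLS_LIMIT is grouped with the read-only `*_GET` events in audit_bsm.c and so records only a bare `fd` argument token, while the sibling AUE_CAP_FCNTLS_LIMIT case added just below emits FD_VNODE1_TOKENS plus the new rights mask; an analyst replaying the trail can see which file had its fcntls restricted but not which file had its ioctls restricted, nor what the new ioctl list was. I would give it its own case, `case AUE_CAP_IOCTLS_LIMIT: FD_VNODE1_TOKENS; break;`, and, if the audit record carries the cmds/ncmds arguments (not visible in this hunk), add a token for them the way FCNTLS_LIMIT does for `ar_arg_fcntl_rights`. The enclosing switch starts and ends outside this hunk, and the ARG_FCNTL_RIGHTS / ar_arg_fcntl_rights definitions the new case depends on are not part of the diff shown.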
@@ -2823,7 +2850,7 @@
 #define SYS_AUE_shmctl AUE_SHMCTL
 #define SYS_AUE_lpathconf AUE_LPATHCONF
 #define SYS_AUE_cap_new AUE_CAP_NEW
-#define SYS_AUE_cap_getrights AUE_CAP_GETRIGHTS
+#define SYS_AUE_cap_rights_get AUE_CAP_RIGHTS_GET
 #define SYS_AUE_cap_enter AUE_CAP_ENTER
 #define SYS_AUE_cap_getmode AUE_CAP_GETMODE
 #define SYS_AUE_pdfork AUE_PDFORK
--- usr.bin/kdump/kdump.c.orig
+++ usr.bin/kdump/kdump.c
@@ -1008,6 +1008,7 @@
 narg--;
 break;
 case SYS_cap_new:
+ case SYS_cap_rights_limit:
 print_number(ip, narg, c);
 putchar(',');
 arg = *ip;
--- sys/sys/capability.h.orig
+++ sys/sys/capability.h
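Review bot: Adding `case SYS_cap_rights_limit:` under `SYS_cap_new` in kdump.c is right for the rights argument, since both take `(int fd, cap_rights_t rights)` per the capability.h hunk, but nothing marks why these two share a label, and the other new limit call, `cap_fcntls_limit(int fd, uint32_t fcntlrights)`, carries a CAP_FCNTL_* mask from a different bit namespace that must not be folded into this same case. A short comment on the shared label would prevent that mistake: `/* cap_new(2) and cap_rights_limit(2) both take a CAP_* rights mask as arg 2; cap_fcntls_limit(2) does not. */`. The enclosing switch lies outside this hunk, so whether cap_fcntls_limit and cap_ioctls_limit get any symbolic decoding elsewhere cannot be seen here.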
@@ -187,21 +258,46 @@ int cap_enter(void); /* + * Are we sandboxed (in capability mode)? + * This is libc wrapper around cap_getmode(2) system call. + */ +bool cap_sandboxed(void); + +/* * cap_getmode(): Are we in capability mode? */ -int cap_getmode(u_int* modep); +int cap_getmode(u_int *modep); /* - * cap_new(): Create a new capability derived from an existing file - * descriptor with the specified rights. If the existing file descriptor is - * a capability, then the new rights must be a subset of the existing rights. + * Limits capability rights for the given descriptor (CAP_*). + */ +int cap_rights_limit(int fd, cap_rights_t rights); +/* + * Returns bitmask of capability rights for the given descriptor. + */ +int cap_rights_get(int fd, cap_rights_t *rightsp); +/* + * Limits allowed ioctls for the given descriptor. + */ +int cap_ioctls_limit(int fd, const unsigned long *cmds, size_t ncmds); +/* + * Returns array of allowed ioctls for the given descriptors. + * If all ioctls are allowed, the cmds array is not populated and + * the function returns INT_MAX. + */ +ssize_t cap_ioctls_get(int fd, unsigned long *cmds, size_t maxcmds); +/* + * Limits allowed fcntls for the given descriptor (CAP_FCNTL_*). */ -int cap_new(int fd, cap_rights_t rights); - +int cap_fcntls_limit(int fd, uint32_t fcntlrights); /* - * cap_getrights(): Query the rights on a capability. + * Returns bitmask of allowed fcntls for the given descriptor. */ -int cap_getrights(int fd, cap_rights_t *rightsp); +int cap_fcntls_get(int fd, uint32_t *fcntlrightsp); + +/* For backward compatibility. */ +int cap_new(int fd, cap_rights_t rights); +#define cap_getrights(fd, rightsp) cap_rights_get((fd), (rightsp)) __END_DECLS