- Is there a plan to add capsicum to jail configuration? It seems right now an application has to implement capsicum itself to leverage that crucial extra layer of security. But we want to run/configure capsicum on top of an application when we set up a jail.
- We also want to filter syscalls a sandboxed application can make - should be relatively easy to implement, so why hasn't syscall filtering even been implemented in capsicum yet?
