1 files changed, 9 insertions, 0 deletions

diff --git a/bin/downgrade.c b/bin/downgrade.c
index 5351c501..af1b528b 100644
--- a/bin/downgrade.c
+++ b/bin/downgrade.c
@@ -26,6 +26,10 @@
 #include <tls.h>
 #include <unistd.h>
 
+#ifdef __FreeBSD__
+#include <capsicum_helpers.h>
+#endif
+
 enum { BufferCap = 8192 + 512 };
 
 static bool verbose;
@@ -298,6 +302,11 @@ int main(int argc, char *argv[]) {
 	if (error) errx(EX_PROTOCOL, "tls_handshake: %s", tls_error(client));
 	tls_config_clear_keys(config);
 
+#ifdef __FreeBSD__
+	error = caph_enter() || caph_limit_stdio();
+	if (error) err(EX_OSERR, "caph_enter");
+#endif
+
 	signal(SIGHUP, quit);
 	signal(SIGINT, quit);
 	signal(SIGTERM, quit);