Capsicum and Casper - more than a lipstick on a pig

Formal Metadata

Title
Capsicum and Casper - more than a lipstick on a pig
Title of Series
Number of Parts
24
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language
Production Year
2014
Production Place
Ottawa, Canada

Content Metadata

Subject Area
Genre
Abstract
Capsicum and Casper are a FreeBSD proposal for clean, robust and intuitive application compartmentalization. Today's sandboxing techniques build on top of existing technologies that weren't really designed for this sort of protection (like chroot(2), rlimit(2), setuid(2), Mandatory Access Control, etc.). Capsicum and Casper provide a rich infrastructure for breaking applications into multiple useful sandboxes, thus significantly reducing the Trusted Computing Base. Capsicum is a lightweight OS capability and sandbox framework implementing a hybrid capability system model. The Casper daemon enables sandboxed applications to use functionality normally unavailable in capability-mode sandboxes. The talk will discuss the Capsicum framework, the Casper daemon and its services. It will provide an introduction to these new FreeBSD features based on already implemented examples. The talk will also present existing portable sandboxing implementations to give a clear picture of how hacky those solutions are.