Index: sys/kern/capabilities.conf
===================================================================
--- sys/kern/capabilities.conf
+++ sys/kern/capabilities.conf
@@ -136,11 +136,11 @@
 ## cpuset(2) and related calls require scoping by process, but should
 ## eventually be allowed, at least in the current process case.
 ##
-#cpuset
-#cpuset_getaffinity
-#cpuset_getid
-#cpuset_setaffinity
-#cpuset_setid
+cpuset
+cpuset_getaffinity
+cpuset_getid
+cpuset_setaffinity
+cpuset_setid
 ##
 ## Always allow dup(2) and dup2(2) manipulation of the file descriptor table.
Index: sys/kern/init_sysent.c
===================================================================
--- sys/kern/init_sysent.c
+++ sys/kern/init_sysent.c
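Review bot: The comment block left above the newly enabled entries still says these calls "require scoping by process, but should eventually be allowed", which no longer describes the state this change introduces, so a reader of capabilities.conf will think the entries are still disabled or unscoped. Suggest rewording it to state the policy the kernel now enforces, e.g. `## cpuset(2) and related calls are allowed, but in capability mode they may` / `## only address the calling process or thread (id == -1).` That keeps the policy file and the checks in kern_cpuset.c telling the same story.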
@@ -529,11 +529,11 @@
 { AS(thr_kill2_args), (sy_call_t *)sys_thr_kill2, AUE_KILL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 481 = thr_kill2 */
 { AS(shm_open_args), (sy_call_t *)sys_shm_open, AUE_SHMOPEN, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 482 = shm_open */
 { AS(shm_unlink_args), (sy_call_t *)sys_shm_unlink, AUE_SHMUNLINK, NULL, 0, 0, 0, SY_THR_STATIC }, /* 483 = shm_unlink */
- { AS(cpuset_args), (sy_call_t *)sys_cpuset, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 484 = cpuset */
- { AS(cpuset_setid_args), (sy_call_t *)sys_cpuset_setid, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 485 = cpuset_setid */
- { AS(cpuset_getid_args), (sy_call_t *)sys_cpuset_getid, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 486 = cpuset_getid */
- { AS(cpuset_getaffinity_args), (sy_call_t *)sys_cpuset_getaffinity, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 487 = cpuset_getaffinity */
- { AS(cpuset_setaffinity_args), (sy_call_t *)sys_cpuset_setaffinity, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 488 = cpuset_setaffinity */
+ { AS(cpuset_args), (sy_call_t *)sys_cpuset, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 484 = cpuset */
+ { AS(cpuset_setid_args), (sy_call_t *)sys_cpuset_setid, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 485 = cpuset_setid */
+ { AS(cpuset_getid_args), (sy_call_t *)sys_cpuset_getid, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 486 = cpuset_getid */
+ { AS(cpuset_getaffinity_args), (sy_call_t *)sys_cpuset_getaffinity, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 487 = cpuset_getaffinity */
+ { AS(cpuset_setaffinity_args), (sy_call_t *)sys_cpuset_setaffinity, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 488 = cpuset_setaffinity */
 { AS(faccessat_args), (sy_call_t *)sys_faccessat, AUE_FACCESSAT, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 489 = faccessat */
 { AS(fchmodat_args), (sy_call_t *)sys_fchmodat, AUE_FCHMODAT, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 490 = fchmodat */
 { AS(fchownat_args), (sy_call_t *)sys_fchownat, AUE_FCHOWNAT, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 491 = fchownat */
Index: sys/kern/kern_cpuset.c
===================================================================
--- sys/kern/kern_cpuset.c
+++ sys/kern/kern_cpuset.c
@@ -47,6 +47,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -523,6 +524,10 @@
 int threads;
 int nfree;
 int error;
+
+ /* In Capability mode, you can only set your own CPU set. */
+ if (IN_CAPABILITY_MODE(curthread) && pid != -1))
+ return (ECAPMODE);
 /*
 * The algorithm requires two passes due to locking considerations.
 *
@@ -698,6 +703,9 @@
 struct proc *p;
 int error;
+ /* In Capability mode, you can only set your own CPU set. */
+ if (IN_CAPABILITY_MODE(curthread) && id != -1))
+ return (ECAPMODE);
 nset = uma_zalloc(cpuset_zone, M_WAITOK);
 error = cpuset_which(CPU_WHICH_TID, id, &p, &td, &set);
 if (error)
@@ -735,6 +743,10 @@
 cpuset_t mask;
 int error;
+ /* In Capability mode, you can only set your own CPU set. */
+ if (IN_CAPABILITY_MODE(curthread) && id != -1))
+ return (ECAPMODE);
+
 nset = uma_zalloc(cpuset_zone, M_WAITOK);
 rset = uma_zalloc(cpuset_zone, M_WAITOK);
 cs_id = CPUSET_INVALID;
@@ -990,6 +1002,9 @@
 /*
 * Presently we only support per-process sets.
 */
+ /* In Capability mode, you can only set your own CPU set. */
+ if (IN_CAPABILITY_MODE(td) && !(which == CPU_WHICH_PID && id == -1))
+ return (ECAPMODE);
 if (which != CPU_WHICH_PID)
 return (EINVAL);
 set = cpuset_lookup(setid, td);
@@ -1029,6 +1044,11 @@
 if (level == CPU_LEVEL_WHICH && which != CPU_WHICH_CPUSET)
 return (EINVAL);
+ /* In Capability mode, you can only get your own CPU set. */
+ if (IN_CAPABILITY_MODE(td) && !(level == CPU_LEVEL_WHICH &&
+ (which == CPU_WHICH_TID || which == CPU_WHICH_PID) &&
+ id == -1))
+ return (ECAPMODE);
 error = cpuset_which(which, id, &p, &ttd, &set);
 if (error)
 return (error);
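Review bot: The added guard `if (IN_CAPABILITY_MODE(curthread) && pid != -1))` closes one more parenthesis than it opens and will not compile as printed; the same unbalanced `))` appears in the hunks at @@ -698 and @@ -735, which test `id` instead of `pid`. It should read `if (IN_CAPABILITY_MODE(curthread) && pid != -1)`, with the two sibling lines fixed the same way. The enclosing function's signature is outside the hunk, so it is not visible whether a `struct thread *td` is available here; the syscall-level checks later in this change test `td` rather than `curthread`, and using the same source of truth at every site would be more consistent. If these three sites are internal helpers reached only after the syscall-entry checks added further down, a one-line comment saying the check here is defence in depth would make that intent clear to the next reader.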
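Review bot: The new check is inserted between the existing comment `Presently we only support per-process sets.` and the `if (which != CPU_WHICH_PID)` test that comment describes, so the comment now appears to refer to the capability-mode guard instead. Moving the three added lines above that comment, or below `return (EINVAL);`, keeps comment and code together; placing them after the EINVAL test would also keep reporting EINVAL for a malformed `which` and reserve ECAPMODE for genuine sandbox violations. Separately, `set = cpuset_lookup(setid, td);` resolves the target by numeric id, and whether that lookup confines a capability-mode caller to sets beneath its own root is not visible in this hunk; since cpuset ids are otherwise a global namespace, it is worth confirming that a sandboxed process cannot attach itself to an arbitrary existing set by id, or documenting in the comment why that is acceptable.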
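Review bot: The new capability-mode condition can never be satisfied: the context line two lines above, `if (level == CPU_LEVEL_WHICH && which != CPU_WHICH_CPUSET) return (EINVAL);`, already rejects every call with `level == CPU_LEVEL_WHICH` and a `which` of `CPU_WHICH_TID` or `CPU_WHICH_PID`, yet that is exactly the combination the added check requires before letting a capability-mode caller through. As written, cpuset_getid in capability mode always fails with either EINVAL or ECAPMODE, which contradicts the added comment `you can only get your own CPU set`. Presumably the intent is to let the caller look up the id of its own set at `CPU_LEVEL_ROOT` or `CPU_LEVEL_CPUSET`; dropping the level test does that: `if (IN_CAPABILITY_MODE(td) &&` / `    !((which == CPU_WHICH_TID || which == CPU_WHICH_PID) && id == -1))` / `	return (ECAPMODE);`. The enclosing function starts outside the hunk.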
@@ -1097,6 +1117,11 @@
 if (cpusetsize < sizeof(cpuset_t) || cpusetsize > CPU_MAXSIZE / NBBY)
 return (ERANGE);
+ /* In Capability mode, you can only get your own CPU set. */
+ if (IN_CAPABILITY_MODE(td) && !(level == CPU_LEVEL_WHICH &&
+ (which == CPU_WHICH_TID || which == CPU_WHICH_PID) &&
+ id == -1))
+ return (ECAPMODE);
 size = cpusetsize;
 mask = malloc(size, M_TEMP, M_WAITOK | M_ZERO);
 error = cpuset_which(which, id, &p, &ttd, &set);
@@ -1201,6 +1226,11 @@
 if (cpusetsize < sizeof(cpuset_t) || cpusetsize > CPU_MAXSIZE / NBBY)
 return (ERANGE);
+ /* In Capability mode, you can only set your own CPU set. */
+ if (IN_CAPABILITY_MODE(td) && !(level == CPU_LEVEL_WHICH &&
+ (which == CPU_WHICH_TID || which == CPU_WHICH_PID) &&
+ id == -1))
+ return (ECAPMODE);
 mask = malloc(cpusetsize, M_TEMP, M_WAITOK | M_ZERO);
 error = copyin(maskp, mask, cpusetsize);
 if (error)
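Review bot: The five-line condition added here is duplicated verbatim in the @@ -1201 hunk below, and a variant of it appears at @@ -1029 in the same file, so the sites can drift apart the next time the policy is adjusted. Hoisting it into one static predicate with a short comment gives a single place that documents what "your own CPU set" means in capability mode, and each syscall entry reduces to one line. Putting the check ahead of the `malloc` in both hunks is the right order, since it avoids allocating for a request that is about to be rejected. The enclosing functions start outside the hunks, so the helper would need to be placed above them.
```c
/*
 * A capability-mode caller may only address its own thread or process at
 * CPU_LEVEL_WHICH; any other level, which or id names another object.
 */
static int
cpuset_capmode_self(int level, int which, id_t id)
{

	return (level == CPU_LEVEL_WHICH &&
	    (which == CPU_WHICH_TID || which == CPU_WHICH_PID) && id == -1);
}

/* … unchanged: cpusetsize range check … */
	if (IN_CAPABILITY_MODE(td) && !cpuset_capmode_self(level, which, id))
		return (ECAPMODE);
/* … unchanged: mask allocation and cpuset_which() … */
```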