Index: lib/libcasper/libcasper/libcasper.h
===================================================================
--- lib/libcasper/libcasper/libcasper.h
+++ lib/libcasper/libcasper/libcasper.h
@@ -281,6 +281,12 @@
 }
 #endif
 
+#ifdef WITH_CASPER
+int cap_close_stdio(const cap_channel_t *chan);
+#else
+#define	cap_close_stdio(chan)	(0)
+#endif
+
 __END_DECLS
 
 #endif	/* !_LIBCASPER_H_ */
Index: lib/libcasper/libcasper/libcasper.c
===================================================================
--- lib/libcasper/libcasper/libcasper.c
+++ lib/libcasper/libcasper/libcasper.c
@@ -308,6 +308,26 @@
 	    channel_nvlist_flags(chan)));
 }
 
+int
+cap_close_stdio(const cap_channel_t *chan)
+{
+	nvlist_t *nvlmsg;
+	int error;
+
+	nvlmsg = nvlist_create(channel_nvlist_flags(chan));
+	nvlist_add_string(nvlmsg, "cmd", "close_stdio");
+	nvlmsg = cap_xfer_nvlist(chan, nvlmsg);
+	if (nvlmsg == NULL)
+		return (-1);
+	error = (int)nvlist_get_number(nvlmsg, "error");
+	nvlist_destroy(nvlmsg);
+	if (error != 0) {
+		errno = error;
+		return (-1);
+	}
+	return (0);
+}
+
 cap_channel_t *
 cap_service_open(const cap_channel_t *chan, const char *name)
 {
Index: lib/libcasper/libcasper/service.c
===================================================================
--- lib/libcasper/libcasper/service.c
+++ lib/libcasper/libcasper/service.c
@@ -87,6 +87,8 @@
 	TAILQ_HEAD(, service_connection) s_connections;
 };
 
+static void stdnull(void);
+
 struct service *
 service_alloc(const char *name, service_limit_func_t *limitfunc,
     service_command_func_t *commandfunc, uint64_t flags)
@@ -318,6 +320,9 @@
 			nvlist_move_descriptor(nvlout, "sock", sock);
 			error = 0;
 		}
+	} else if (strcmp(cmd, "close_stdio") == 0) {
+		stdnull();
+		error = 0;		
 	} else {
 		error = service->s_command(cmd,
 		    service_connection_get_limits(sconn), nvlin, nvlout);
Index: sbin/dhclient/dhclient.c
===================================================================
--- sbin/dhclient/dhclient.c
+++ sbin/dhclient/dhclient.c
@@ -2456,6 +2456,7 @@
 	if (daemonfd(-1, nullfd) == -1)
 		error("daemon");
 
+	cap_close_stdio(capsyslog);
 	cap_rights_init(&rights);
 
 	if (pidfile != NULL) {