Index: usr.sbin/bhyve/Makefile =================================================================== --- usr.sbin/bhyve/Makefile +++ usr.sbin/bhyve/Makefile @@ -76,6 +76,11 @@ LIBADD= vmmapi md pthread z util sbuf cam +.if ${MK_CASPER} != "no" +CFLAGS+=-DWITH_CASPER +LIBADD+= casper +.endif + .if ${MK_INET_SUPPORT} != "no" CFLAGS+=-DINET .endif Index: usr.sbin/bhyve/audio.c =================================================================== --- usr.sbin/bhyve/audio.c +++ usr.sbin/bhyve/audio.c @@ -30,10 +30,7 @@ #include __FBSDID("$FreeBSD$"); -#ifndef WITHOUT_CAPSICUM -#include #include -#endif #include #include @@ -72,7 +69,6 @@ audio_init(const char *dev_name, uint8_t dir) { struct audio *aud = NULL; -#ifndef WITHOUT_CAPSICUM cap_rights_t rights; cap_ioctl_t cmds[] = { SNDCTL_DSP_RESET, SNDCTL_DSP_SETFMT, SNDCTL_DSP_CHANNELS, @@ -81,7 +77,6 @@ SNDCTL_DSP_GETOSPACE, SNDCTL_DSP_GETISPACE, #endif }; -#endif assert(dev_name); @@ -107,13 +102,11 @@ return (NULL); } -#ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_IOCTL, CAP_READ, CAP_WRITE); if (caph_rights_limit(aud->fd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); if (caph_ioctls_limit(aud->fd, cmds, nitems(cmds)) == -1) errx(EX_OSERR, "Unable to limit ioctl rights for sandbox"); -#endif return aud; } Index: usr.sbin/bhyve/bhyverun.c =================================================================== --- usr.sbin/bhyve/bhyverun.c +++ usr.sbin/bhyve/bhyverun.c @@ -32,9 +32,6 @@ __FBSDID("$FreeBSD$"); #include -#ifndef WITHOUT_CAPSICUM -#include -#endif #include #include @@ -43,9 +40,7 @@ #include #include -#ifndef WITHOUT_CAPSICUM #include -#endif #include #include #include @@ -61,9 +56,7 @@ #include #include -#ifndef WITHOUT_CAPSICUM #include -#endif #include #include "bhyverun.h" @@ -903,11 +896,9 @@ struct vmctx *ctx; int error; bool reinit, romboot; -#ifndef WITHOUT_CAPSICUM cap_rights_t rights; const cap_ioctl_t *cmds; size_t ncmds; -#endif reinit = romboot = false; 
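Review bot: The reason for `-DWITH_CASPER` and the extra `casper` entry in `LIBADD` is not evident from this change, because none of the C hunks test `WITH_CASPER` or call a Casper service. If the define is there so that the Capsicum/Casper headers provide their real implementations rather than stubs, a one-line comment above the `.if` would record that, e.g. `# WITH_CASPER: build against libcasper instead of the header stubs`. The `#include` lines in the C hunks have lost their header names on this page, so which headers consume the define should be confirmed against the tree.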
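Review bot: The sandbox failure paths in audio.c's @@ -107 hunk use `errx()`, which drops `errno`, so an operator sees that rights limiting failed but not why. Since these calls are now compiled unconditionally, `err(EX_OSERR, "Unable to apply rights for sandbox");` would append the system error text at no cost. The same applies to every `caph_rights_limit()` / `caph_ioctls_limit()` failure path in this diff (bhyverun.c, block_if.c, consport.c, dbgport.c, gdb.c, mevent.c, net_backends.c, pci_passthru.c, pci_virtio_console.c, pci_virtio_rnd.c, rfb.c, uart_emul.c). Outside audio.c the rights and ioctl failures also share one message string, which makes the two cases indistinguishable in logs.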
@@ -946,7 +937,6 @@ exit(4); } -#ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_IOCTL, CAP_MMAP_RW); if (caph_rights_limit(vm_get_device_fd(ctx), &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); @@ -957,7 +947,6 @@ if (caph_ioctls_limit(vm_get_device_fd(ctx), cmds, ncmds) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); free((cap_ioctl_t *)cmds); -#endif if (reinit) { error = vm_reinit(ctx); @@ -1198,7 +1187,6 @@ */ setproctitle("%s", vmname); -#ifndef WITHOUT_CAPSICUM caph_cache_catpages(); if (caph_limit_stdout() == -1 || caph_limit_stderr() == -1) @@ -1206,7 +1194,6 @@ if (caph_enter() == -1) errx(EX_OSERR, "cap_enter() failed"); -#endif /* * Add CPU 0 Index: usr.sbin/bhyve/block_if.c =================================================================== --- usr.sbin/bhyve/block_if.c +++ usr.sbin/bhyve/block_if.c @@ -32,9 +32,6 @@ __FBSDID("$FreeBSD$"); #include -#ifndef WITHOUT_CAPSICUM -#include -#endif #include #include #include @@ -42,9 +39,7 @@ #include #include -#ifndef WITHOUT_CAPSICUM #include -#endif #include #include #include @@ -409,10 +404,8 @@ off_t size, psectsz, psectoff; int extra, fd, i, sectsz; int nocache, sync, ro, candelete, geom, ssopt, pssopt; -#ifndef WITHOUT_CAPSICUM cap_rights_t rights; cap_ioctl_t cmds[] = { DIOCGFLUSH, DIOCGDELETE }; -#endif pthread_once(&blockif_once, blockif_init); @@ -470,7 +463,6 @@ goto err; } -#ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_FSYNC, CAP_IOCTL, CAP_READ, CAP_SEEK, CAP_WRITE); if (ro) @@ -478,7 +470,6 @@ if (caph_rights_limit(fd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); -#endif /* * Deal with raw devices 
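Review bot: With the guard gone, `caph_enter()` in bhyverun.c's @@ -1206 hunk always runs, and nothing near it tells a maintainer that descriptors must be acquired before this point. A comment above `caph_cache_catpages();` would help, for example `/* Enter capability mode: path-based open() fails from here on, so every backend must already hold its descriptors. */`. The error text still reads `cap_enter() failed` although the call is `caph_enter()`; aligning the two makes the message easier to trace back to the code. The enclosing function starts and ends outside both hunks.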
@@ -506,10 +497,8 @@ } else psectsz = sbuf.st_blksize; -#ifndef WITHOUT_CAPSICUM if (caph_ioctls_limit(fd, cmds, nitems(cmds)) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); -#endif if (ssopt != 0) { if (!powerof2(ssopt) || !powerof2(pssopt) || ssopt < 512 || Index: usr.sbin/bhyve/consport.c =================================================================== --- usr.sbin/bhyve/consport.c +++ usr.sbin/bhyve/consport.c @@ -32,14 +32,9 @@ __FBSDID("$FreeBSD$"); #include -#ifndef WITHOUT_CAPSICUM -#include -#endif #include -#ifndef WITHOUT_CAPSICUM #include -#endif #include #include #include @@ -115,10 +110,8 @@ uint32_t *eax, void *arg) { static int opened; -#ifndef WITHOUT_CAPSICUM cap_rights_t rights; cap_ioctl_t cmds[] = { TIOCGETA, TIOCSETA, TIOCGWINSZ }; -#endif if (bytes == 2 && in) { *eax = BVM_CONS_SIG; @@ -138,14 +131,12 @@ return (-1); if (!opened) { -#ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_EVENT, CAP_IOCTL, CAP_READ, CAP_WRITE); if (caph_rights_limit(STDIN_FILENO, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); if (caph_ioctls_limit(STDIN_FILENO, cmds, nitems(cmds)) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); -#endif ttyopen(); opened = 1; } Index: usr.sbin/bhyve/dbgport.c =================================================================== --- usr.sbin/bhyve/dbgport.c +++ usr.sbin/bhyve/dbgport.c @@ -32,17 +32,12 @@ __FBSDID("$FreeBSD$"); #include -#ifndef WITHOUT_CAPSICUM -#include -#endif #include #include #include #include -#ifndef WITHOUT_CAPSICUM #include -#endif #include #include #include @@ -135,9 +130,7 @@ init_dbgport(int sport) { int reuse; -#ifndef WITHOUT_CAPSICUM cap_rights_t rights; -#endif conn_fd = -1; 
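Review bot: In block_if.c's @@ -506 hunk the ioctl allow-list passed to `caph_ioctls_limit(fd, cmds, nitems(cmds))` is the same for read-only and writable backing stores, so a descriptor opened with `ro` set still has `DIOCGDELETE` whitelisted. The @@ -470 hunk shows an `if (ro)` adjustment for the capability rights (its body lies between the hunks), but nothing equivalent for the ioctl list. Whether the kernel already refuses the delete ioctl on a read-only open is not visible here; passing a list without `DIOCGDELETE` when `ro` is set would keep the sandbox policy minimal regardless. The function body continues outside the hunk.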
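Review bot: The rights requested for `STDIN_FILENO` in consport.c's @@ -138 hunk (`CAP_EVENT, CAP_IOCTL, CAP_READ, CAP_WRITE`) are a superset of those that uart_emul.c's @@ -655 hunk applies to `sc->tty.rfd` (`CAP_EVENT, CAP_IOCTL, CAP_READ`). Capsicum rights can only be narrowed, so if `sc->tty.rfd` is standard input (its assignment is outside the hunk) and the uart limit runs first, this later call would fail and `errx()` would terminate the process on the guest's first access to the console port. Using one shared rights set for stdin, or limiting it once at startup rather than lazily inside the I/O handler, removes the ordering dependency. It is also worth confirming that `CAP_WRITE` is needed on the input descriptor at all.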
@@ -168,11 +161,9 @@ exit(4); } -#ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_ACCEPT, CAP_READ, CAP_WRITE); if (caph_rights_limit(listen_fd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); -#endif register_inout(&dbgport); } Index: usr.sbin/bhyve/gdb.c =================================================================== --- usr.sbin/bhyve/gdb.c +++ usr.sbin/bhyve/gdb.c @@ -29,9 +29,6 @@ __FBSDID("$FreeBSD$"); #include -#ifndef WITHOUT_CAPSICUM -#include -#endif #include #include #include @@ -41,9 +38,7 @@ #include #include #include -#ifndef WITHOUT_CAPSICUM #include -#endif #include #include #include @@ -166,13 +161,11 @@ logfile = fopen("/tmp/bhyve_gdb.log", "w"); if (logfile == NULL) return; -#ifndef WITHOUT_CAPSICUM if (caph_limit_stream(fileno(logfile), CAPH_WRITE) == -1) { fclose(logfile); logfile = NULL; return; } -#endif setlinebuf(logfile); } va_start(ap, fmt); @@ -1426,7 +1419,6 @@ pthread_mutex_unlock(&gdb_lock); } -#ifndef WITHOUT_CAPSICUM void limit_gdb_socket(int s) { @@ -1440,7 +1432,6 @@ if (caph_ioctls_limit(s, ioctls, nitems(ioctls)) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); } -#endif void init_gdb(struct vmctx *_ctx, int sport, bool wait) @@ -1489,8 +1480,6 @@ if (fcntl(s, F_SETFL, flags | O_NONBLOCK) == -1) err(1, "Failed to mark gdb socket non-blocking"); -#ifndef WITHOUT_CAPSICUM limit_gdb_socket(s); -#endif mevent_add(s, EVF_READ, new_connection, NULL); } Index: usr.sbin/bhyve/mevent.c =================================================================== --- usr.sbin/bhyve/mevent.c +++ usr.sbin/bhyve/mevent.c @@ -37,9 +37,7 @@ __FBSDID("$FreeBSD$"); #include -#ifndef WITHOUT_CAPSICUM #include -#endif #include #include #include @@ -49,9 +47,6 @@ #include #include -#ifndef WITHOUT_CAPSICUM -#include -#endif #include #include @@ -411,9 +406,7 @@ int mfd; int numev; int ret; -#ifndef WITHOUT_CAPSICUM cap_rights_t rights; -#endif mevent_tid = pthread_self(); mevent_set_name(); 
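Review bot: In gdb.c's @@ -166 hunk the log is created with `fopen("/tmp/bhyve_gdb.log", "w")`, a fixed name in a world-writable directory, and the now-unconditional `caph_limit_stream(fileno(logfile), CAPH_WRITE)` narrows the descriptor only after the file has been opened and truncated. A pre-existing symlink or file at that path would therefore be followed or reused by a process that typically runs as root. Creating the file with `open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600)` and wrapping it with `fdopen()`, or placing the log outside a world-writable directory, closes that gap. The `fopen()` line is unchanged context and the enclosing function extends beyond the hunk.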
@@ -421,11 +414,9 @@ mfd = kqueue(); assert(mfd > 0); -#ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_KQUEUE); if (caph_rights_limit(mfd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); -#endif /* * Open the pipe that will be used for other threads to force @@ -438,13 +429,11 @@ exit(0); } -#ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_EVENT, CAP_READ, CAP_WRITE); if (caph_rights_limit(mevent_pipefd[0], &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); if (caph_rights_limit(mevent_pipefd[1], &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); -#endif /* * Add internal event handler for the pipe write fd Index: usr.sbin/bhyve/net_backends.c =================================================================== --- usr.sbin/bhyve/net_backends.c +++ usr.sbin/bhyve/net_backends.c @@ -38,9 +38,6 @@ __FBSDID("$FreeBSD$"); #include /* u_short etc */ -#ifndef WITHOUT_CAPSICUM -#include -#endif #include #include #include @@ -51,9 +48,7 @@ #define NETMAP_WITH_LIBS #include -#ifndef WITHOUT_CAPSICUM #include -#endif #include #include #include @@ -176,9 +171,7 @@ struct tap_priv *priv = (struct tap_priv *)be->opaque; char tbuf[80]; int opt = 1; -#ifndef WITHOUT_CAPSICUM cap_rights_t rights; -#endif if (cb == NULL) { WPRINTF(("TAP backend requires non-NULL callback\n")); @@ -203,11 +196,9 @@ goto error; } -#ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_EVENT, CAP_READ, CAP_WRITE); if (caph_rights_limit(be->fd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); -#endif priv->mevp = mevent_add(be->fd, EVF_READ, cb, param); if (priv->mevp == NULL) { Index: usr.sbin/bhyve/pci_e82545.c =================================================================== --- usr.sbin/bhyve/pci_e82545.c +++ usr.sbin/bhyve/pci_e82545.c @@ -33,9 +33,6 @@ __FBSDID("$FreeBSD$"); #include -#ifndef WITHOUT_CAPSICUM -#include -#endif #include #include #include 
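Review bot: In mevent.c's @@ -421 hunk the only check on `kqueue()` is `assert(mfd > 0)`, which is compiled out under NDEBUG and also rejects descriptor 0. A failed call would then reach the now-unconditional `caph_rights_limit(mfd, &rights)` and be reported as a sandbox error. An explicit check such as `if (mfd == -1) err(EX_OSERR, "kqueue");` before the rights call keeps the diagnosis accurate. The same pattern appears in pci_virtio_rnd.c's @@ -159 hunk, where `assert(fd >= 0)` is the only guard on the descriptor handed to `caph_rights_limit()`. Both functions extend beyond their hunks.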
@@ -43,9 +40,6 @@ #include #include -#ifndef WITHOUT_CAPSICUM -#include -#endif #include #include #include Index: usr.sbin/bhyve/pci_passthru.c =================================================================== --- usr.sbin/bhyve/pci_passthru.c +++ usr.sbin/bhyve/pci_passthru.c @@ -32,9 +32,6 @@ __FBSDID("$FreeBSD$"); #include -#ifndef WITHOUT_CAPSICUM -#include -#endif #include #include #include @@ -45,9 +42,7 @@ #include -#ifndef WITHOUT_CAPSICUM #include -#endif #include #include #include @@ -652,18 +647,14 @@ { int bus, slot, func, error, memflags; struct passthru_softc *sc; -#ifndef WITHOUT_CAPSICUM cap_rights_t rights; cap_ioctl_t pci_ioctls[] = { PCIOCREAD, PCIOCWRITE, PCIOCGETBAR }; cap_ioctl_t io_ioctls[] = { IODEV_PIO }; -#endif sc = NULL; error = 1; -#ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_IOCTL, CAP_READ, CAP_WRITE); -#endif memflags = vm_get_memflags(ctx); if (!(memflags & VM_MEM_F_WIRED)) { @@ -679,12 +670,10 @@ } } -#ifndef WITHOUT_CAPSICUM if (caph_rights_limit(pcifd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); if (caph_ioctls_limit(pcifd, pci_ioctls, nitems(pci_ioctls)) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); -#endif if (iofd < 0) { iofd = open(_PATH_DEVIO, O_RDWR, 0); @@ -694,12 +683,10 @@ } } -#ifndef WITHOUT_CAPSICUM if (caph_rights_limit(iofd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); if (caph_ioctls_limit(iofd, io_ioctls, nitems(io_ioctls)) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); -#endif if (memfd < 0) { memfd = open(_PATH_MEM, O_RDWR, 0); 
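Review bot: In pci_passthru.c's @@ -679, @@ -694 and @@ -709 hunks the `caph_rights_limit()` / `caph_ioctls_limit()` calls sit after the `if (pcifd < 0) { ... }`, `if (iofd < 0) { ... }` and `if (memfd < 0) { ... }` blocks rather than inside them. If these descriptors are shared across devices, as the guards suggest (their declarations are outside the hunks), the limits are re-applied for every passthrough device. Moving each limit into the branch that opens the descriptor would tie the policy to the open. A short comment on the `memfd` step, e.g. `/* memfd is only mapped: drop ioctl, allow mmap read/write */`, would also explain why `rights` is modified in place before its last use.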
@@ -709,12 +696,10 @@ } } -#ifndef WITHOUT_CAPSICUM cap_rights_clear(&rights, CAP_IOCTL); cap_rights_set(&rights, CAP_MMAP_RW); if (caph_rights_limit(memfd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); -#endif if (opts == NULL || sscanf(opts, "%d/%d/%d", &bus, &slot, &func) != 3) { Index: usr.sbin/bhyve/pci_virtio_console.c =================================================================== --- usr.sbin/bhyve/pci_virtio_console.c +++ usr.sbin/bhyve/pci_virtio_console.c @@ -34,18 +34,13 @@ __FBSDID("$FreeBSD$"); #include -#ifndef WITHOUT_CAPSICUM -#include -#endif #include #include #include #include #include -#ifndef WITHOUT_CAPSICUM #include -#endif #include #include #include @@ -279,9 +274,7 @@ struct sockaddr_un sun; char *pathcopy; int s = -1, fd = -1, error = 0; -#ifndef WITHOUT_CAPSICUM cap_rights_t rights; -#endif sock = calloc(1, sizeof(struct pci_vtcon_sock)); if (sock == NULL) { @@ -329,11 +322,9 @@ goto out; } -#ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE); if (caph_rights_limit(s, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); -#endif sock->vss_port = pci_vtcon_port_add(sc, name, pci_vtcon_sock_tx, sock); if (sock->vss_port == NULL) { Index: usr.sbin/bhyve/pci_virtio_rnd.c =================================================================== --- usr.sbin/bhyve/pci_virtio_rnd.c +++ usr.sbin/bhyve/pci_virtio_rnd.c @@ -37,15 +37,10 @@ __FBSDID("$FreeBSD$"); #include -#ifndef WITHOUT_CAPSICUM -#include -#endif #include #include -#ifndef WITHOUT_CAPSICUM #include -#endif #include #include #include @@ -148,9 +143,7 @@ int fd; int len; uint8_t v; -#ifndef WITHOUT_CAPSICUM cap_rights_t rights; -#endif /* * Should always be able to open /dev/random. 
@@ -159,11 +152,9 @@ assert(fd >= 0); -#ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_READ); if (caph_rights_limit(fd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); -#endif /* * Check that device is seeded and non-blocking. Index: usr.sbin/bhyve/rfb.c =================================================================== --- usr.sbin/bhyve/rfb.c +++ usr.sbin/bhyve/rfb.c @@ -31,9 +31,6 @@ __FBSDID("$FreeBSD$"); #include -#ifndef WITHOUT_CAPSICUM -#include -#endif #include #include #include @@ -45,9 +42,7 @@ #include #include -#ifndef WITHOUT_CAPSICUM #include -#endif #include #include #include @@ -972,9 +967,7 @@ struct addrinfo *ai = NULL; struct addrinfo hints; int on = 1; -#ifndef WITHOUT_CAPSICUM cap_rights_t rights; -#endif rc = calloc(1, sizeof(struct rfb_softc)); @@ -1025,11 +1018,9 @@ goto error; } -#ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE); if (caph_rights_limit(rc->sfd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); -#endif rc->hw_crc = sse42_supported(); Index: usr.sbin/bhyve/uart_emul.c =================================================================== --- usr.sbin/bhyve/uart_emul.c +++ usr.sbin/bhyve/uart_emul.c @@ -34,10 +34,7 @@ #include #include -#ifndef WITHOUT_CAPSICUM -#include #include -#endif #include #include @@ -638,10 +635,8 @@ static int uart_stdio_backend(struct uart_softc *sc) { -#ifndef WITHOUT_CAPSICUM cap_rights_t rights; cap_ioctl_t cmds[] = { TIOCGETA, TIOCSETA, TIOCGWINSZ }; -#endif if (uart_stdio) return (-1); @@ -655,13 +650,11 @@ if (fcntl(sc->tty.wfd, F_SETFL, O_NONBLOCK) != 0) return (-1); -#ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_EVENT, CAP_IOCTL, CAP_READ); if (caph_rights_limit(sc->tty.rfd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); if (caph_ioctls_limit(sc->tty.rfd, cmds, nitems(cmds)) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); -#endif uart_stdio = true; 
@@ -671,10 +664,8 @@ static int uart_tty_backend(struct uart_softc *sc, const char *opts) { -#ifndef WITHOUT_CAPSICUM cap_rights_t rights; cap_ioctl_t cmds[] = { TIOCGETA, TIOCSETA, TIOCGWINSZ }; -#endif int fd; fd = open(opts, O_RDWR | O_NONBLOCK); @@ -689,13 +680,11 @@ sc->tty.rfd = sc->tty.wfd = fd; sc->tty.opened = true; -#ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_EVENT, CAP_IOCTL, CAP_READ, CAP_WRITE); if (caph_rights_limit(fd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); if (caph_ioctls_limit(fd, cmds, nitems(cmds)) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); -#endif return (0); }