Index: usr.bin/logger/logger.c
===================================================================
--- usr.bin/logger/logger.c
+++ usr.bin/logger/logger.c
@@ -44,6 +44,7 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
+#include <sys/capsicum.h>
 #include <sys/param.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
@@ -57,6 +58,9 @@
 #include <time.h>
 #include <unistd.h>
 
+#include <libcasper.h>
+#include <casper/cap_syslog.h>
+
 #define	SYSLOG_NAMES
 #include <syslog.h>
 
@@ -76,6 +80,7 @@
 		    struct socks *, ssize_t, const char *);
 static void	usage(void);
 
+static cap_channel_t *capcas, *capsyslog;
 #ifdef INET6
 static int family = PF_UNSPEC;	/* protocol family (IPv4, IPv6 or both) */
 #else
@@ -140,7 +145,6 @@
 			svcname = optarg;
 			break;
 		case 'p':		/* priority */
-			pri = pencode(optarg);
 			break;
 		case 's':		/* log to standard error */
 			logflags |= LOG_PERROR;
@@ -168,12 +172,23 @@
 		nsock = 0;
 	}
 
+	capcas = cap_init();
+	if (capcas == NULL)
+		err(1, "Unable to contact Casper");
+	if (cap_enter() < 0)
+			err(1, "Unable to enter capability mode");
+	capsyslog = cap_service_open(capcas, "system.syslog");
+	if (capsyslog == NULL)
+		err(1, "Unable to open system.syslog service");
+	cap_close(capcas);
+
+	if ((char)ch == 'p')
+		pri = pencode(optarg);
 	if (tag == NULL)
 		tag = getlogin();
 	/* setup for logging */
 	if (host == NULL)
-		openlog(tag, logflags, 0);
-	(void) fclose(stdout);
+		cap_openlog(capsyslog, tag, logflags, 0);
 
 	(void )time(&now);
 	(void )ctime_r(&now, tbuf);
@@ -349,7 +364,7 @@
 	int len, i, lsent;
 
 	if (nsock == 0) {
-		syslog(pri, "%s", buf);
+		cap_syslog(capsyslog, pri, "%s", buf);
 		return;
 	}
 	if ((len = asprintf(&line, "<%d>%s %s %s: %s", pri, timestamp,