Index: sbin/fsck_msdosfs/Makefile
===================================================================
--- sbin/fsck_msdosfs/Makefile
+++ sbin/fsck_msdosfs/Makefile
@@ -1,6 +1,8 @@
 # $NetBSD: Makefile,v 1.6 1997/05/08 21:11:11 gwr Exp $
 # $FreeBSD$
+.include
+
 FSCK= ${.CURDIR:H}/fsck
 .PATH: ${FSCK}
@@ -9,7 +11,13 @@
 MAN= fsck_msdosfs.8
 SRCS= main.c check.c boot.c fat.c dir.c fsutil.c
-CFLAGS+= -I${FSCK} -DHAVE_LIBUTIL_H
+CFLAGS+= -I${FSCK} -DHAVE_LIBUTIL_H -DHAVE_CAPSICUM
 LIBADD= util
+.if ${MK_CASPER} != "no"
+LIBADD+= casper
+LIBADD+= cap_fileargs
+CFLAGS+= -DWITH_CASPER
+.endif
+
 .include
Index: sbin/fsck_msdosfs/check.c
===================================================================
--- sbin/fsck_msdosfs/check.c
+++ sbin/fsck_msdosfs/check.c
@@ -61,9 +61,15 @@
 if (!preen)
 printf("** %s", fname);
+#ifdef HAVE_CAPSICUM
+ dosfs = fileargs_open(fa_alwaysno, fname);
+ if (dosfs < 0 && !rdonly) {
+ dosfs = fileargs_open(fa_rdonly, fname);
+#else
 dosfs = open(fname, rdonly ? O_RDONLY : O_RDWR, 0);
 if (dosfs < 0 && !rdonly) {
 dosfs = open(fname, O_RDONLY, 0);
+#endif
 if (dosfs >= 0)
 pwarn(" (NO WRITE)\n");
 else if (!preen)
Index: sbin/fsck_msdosfs/ext.h
===================================================================
--- sbin/fsck_msdosfs/ext.h
+++ sbin/fsck_msdosfs/ext.h
@@ -32,6 +32,12 @@
 #include
+#ifdef HAVE_CAPSICUM
+#include
+#include
+#include
+#endif
+
 #include
 #include "dosfs.h"
@@ -41,6 +47,10 @@
 /*
 * Options:
 */
+#ifdef HAVE_CAPSICUM
+extern fileargs_t *fa_alwaysno;
+extern fileargs_t *fa_rdonly;
+#endif
 extern int alwaysno; /* assume "no" for all questions */
 extern int alwaysyes; /* assume "yes" for all questions */
 extern int preen; /* we are preening */
Index: sbin/fsck_msdosfs/main.c
===================================================================
--- sbin/fsck_msdosfs/main.c
+++ sbin/fsck_msdosfs/main.c
@@ -39,6 +39,7 @@
 #include
 #include
 #include
+#include
 #include "fsutil.h"
 #include "ext.h"
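Review bot: `-DHAVE_CAPSICUM` is added to CFLAGS unconditionally while `casper` and `cap_fileargs` are linked only when `MK_CASPER` is not "no", so a `MK_CASPER=no` build still compiles every `fileargs_*` call but does not link the service library; this presumably relies on the cap_fileargs header supplying non-Casper fallbacks when `WITH_CASPER` is undefined, which should be confirmed before committing. A one-line comment would keep the two knobs apart for the next reader: `# HAVE_CAPSICUM: always cap_enter(); WITH_CASPER: open devices through the fileargs Casper service`. The argument of the new `.include` directive is not visible here, so I cannot confirm it defines `MK_CASPER` before the `.if` tests it.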
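Review bot: The line `if (dosfs < 0 && !rdonly) {` is duplicated inside both preprocessor arms while its closing brace lives outside them, so the braces of this block only balance after the preprocessor has picked an arm; that is fragile to edit and obscures that only the two open calls differ between builds. Keep the control flow common and confine the `#ifdef` to the open expressions, as below, which also keeps the `(NO WRITE)` warning path identical for both builds. `checkfilesys` starts and ends outside the hunk, and whether `rdonly` already mirrors `alwaysno` (so that `fa_alwaysno` was opened with the mode this fallback assumes) is decided earlier in the function and not visible here.
```c
	/* Only the way the device is opened differs between the two builds. */
#ifdef HAVE_CAPSICUM
	dosfs = fileargs_open(fa_alwaysno, fname);
#else
	dosfs = open(fname, rdonly ? O_RDONLY : O_RDWR, 0);
#endif
	if (dosfs < 0 && !rdonly) {
		/* Retry read-only; the user is told via "(NO WRITE)". */
#ifdef HAVE_CAPSICUM
		dosfs = fileargs_open(fa_rdonly, fname);
#else
		dosfs = open(fname, O_RDONLY, 0);
#endif
		if (dosfs >= 0)
			pwarn(" (NO WRITE)\n");
		/* … unchanged: else branch and error handling … */
```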
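Review bot: The new `fa_alwaysno`/`fa_rdonly` externs are filed under the `Options:` comment but are not options: they are the two `system.fileargs` handles whose only visible use is opening the device in `checkfilesys`. Every neighbouring extern carries a trailing comment and these should too, e.g. `extern fileargs_t *fa_alwaysno; /* fileargs handle, O_RDONLY under alwaysno else O_RDWR */` and `extern fileargs_t *fa_rdonly; /* fileargs handle for the read-only fallback open */`. The mode actually requested for `fa_alwaysno` is chosen in main.c, so the wording should be checked against that initialisation.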
@@ -49,6 +50,10 @@
 int rdonly; /* device is opened read only (supersedes above) */
 int skipclean; /* skip clean file systems if preening */
 int allow_mmap; /* Allow the use of mmap(), if possible */
+#ifdef HAVE_CAPSICUM
+fileargs_t *fa_alwaysno;
+fileargs_t *fa_rdonly;
+#endif
 static void usage(void) __dead2;
@@ -67,7 +72,9 @@
 {
 int ret = 0, erg;
 int ch;
-
+#ifdef HAVE_CAPSICUM
+ cap_rights_t rights;
+#endif
 skipclean = 1;
 allow_mmap = 1;
 while ((ch = getopt(argc, argv, "CfFnpyM")) != -1) {
@@ -115,6 +122,28 @@
 if (!argc)
 usage();
+#ifdef HAVE_CAPSICUM
+ fa_alwaysno = fileargs_init(argc, argv, alwaysno ? O_RDONLY : O_RDWR , 0,
+ cap_rights_init(&rights, CAP_MMAP_RW), FA_OPEN);
+ if (fa_alwaysno == NULL)
+ err(1, "unable to open first system.fileargs service");
+
+ fa_rdonly = fileargs_init(argc, argv, O_RDONLY , 0,
+ cap_rights_init(&rights), FA_OPEN);
+ if (fa_rdonly == NULL)
+ err(1, "unable to second open system.fileargs service");
+
+ /*
+ * Here we enter capability mode. Further down access to global
+ * namespaces (e.g filesystem) is restricted (see capsicum(4)).
+ * We must connect(2) our socket before this point.
+ */
+
+ if (cap_enter() < 0 && errno != ENOSYS) {
+ err(1, "unable to enter capability mode");
+ }
+#endif
+
 while (--argc >= 0) {
 setcdevname(*argv, preen);
 erg = checkfilesys(*argv++);
@@ -122,6 +151,11 @@
 ret = erg;
 }
+#ifdef HAVE_CAPSICUM
+ fileargs_free(fa_alwaysno);
+ fileargs_free(fa_rdonly);
+#endif
+
 return ret;
 }
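Review bot: The two new globals are the only ones in this run without a trailing description, while the surrounding `rdonly`, `skipclean` and `allow_mmap` each document their meaning. Suggest `fileargs_t *fa_alwaysno; /* fileargs handle, O_RDONLY under alwaysno else O_RDWR */` and `fileargs_t *fa_rdonly; /* fileargs handle for the read-only fallback open */`, matching how main() initialises them further down in this diff.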
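Review bot: `fa_rdonly` is created with `cap_rights_init(&rights)` and therefore no rights at all, whereas `fa_alwaysno` asks for `CAP_MMAP_RW`; if the service honours the requested set, a descriptor returned by the read-only fallback in `checkfilesys` would carry no rights and every read, seek or mmap on it would fail with ENOTCAPABLE once `cap_enter()` has succeeded. The second call should request the read-side equivalent, `cap_rights_init(&rights, CAP_MMAP_R), FA_OPEN);`, and both sets should be extended with whatever else the checker does on the descriptor (e.g. `CAP_FSTAT` or `CAP_IOCTL`), which is not visible in this hunk. The second error string reads `unable to second open system.fileargs service`; `unable to open second system.fileargs service` would match the first. The comment sentence `We must connect(2) our socket before this point` refers to a socket this program does not appear to create and looks copied from another utility; drop it or name the resource actually meant. Note also that without Casper the two `fileargs_init` calls may open every argument up front, in which case an `O_RDWR` failure would abort via `err()` before the read-only fallback ever runs — worth confirming against the library.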