Index: contrib/file/src/file.h
===================================================================
--- contrib/file/src/file.h
+++ contrib/file/src/file.h
@@ -89,6 +89,11 @@
 #include <sys/stat.h>
 #include <stdarg.h>
 
+#ifdef HAVE_CAPSICUM
+#include <libcasper.h>
+#include <casper/cap_fileargs.h>
+#endif
+
 #define ENABLE_CONDITIONALS
 
 #ifndef MAGIC
@@ -582,6 +587,10 @@
 extern const size_t file_nnames;
 #endif
 
+#ifdef HAVE_CAPSICUM
+extern fileargs_t *fa;
+#endif
+
 #ifndef HAVE_PREAD
 ssize_t pread(int, void *, size_t, off_t);
 #endif
Index: contrib/file/src/file.c
===================================================================
--- contrib/file/src/file.c
+++ contrib/file/src/file.c
@@ -57,6 +57,12 @@
 #ifdef HAVE_WCHAR_H
 #include <wchar.h>
 #endif
+#ifdef HAVE_CAPSICUM
+#include <libcasper.h>
+#include <casper/cap_fileargs.h>
+#include <capsicum_helpers.h>
+#endif
+#include <err.h>
 
 #if defined(HAVE_GETOPT_H) && defined(HAVE_STRUCT_OPTION)
 # include <getopt.h>
@@ -171,6 +177,9 @@
 private struct magic_set *load(const char *, int);
 private void setparam(const char *);
 private void applyparam(magic_t);
+#ifdef HAVE_CAPSICUM
+	fileargs_t *fa;
+#endif
 
 
 /*
@@ -190,7 +199,16 @@
 	int longindex;
 	const char *magicfile = NULL;		/* where the magic is	*/
 	char *progname;
+#ifdef HAVE_CAPSICUM
+	cap_rights_t rights, *rights_init;
+#endif
 
+#ifdef HAVE_CAPSICUM
+	caph_cache_catpages();
+	rights_init = cap_rights_init(&rights, CAP_READ, CAP_FSTAT, CAP_SEEK, CAP_FCNTL);
+	fa = fileargs_init(argc, argv, O_RDONLY|O_BINARY|O_NONBLOCK, 0, 
+		rights_init, FA_OPEN | FA_LSTAT);
+#endif
 	/* makes islower etc work for other langs */
 	(void)setlocale(LC_CTYPE, "");
 
@@ -267,6 +285,11 @@
 				if ((magic = load(magicfile, flags)) == NULL)
 					return 1;
 			applyparam(magic);
+#ifdef HAVE_CAPSICUM
+			if (caph_enter_casper() < 0) {
+				err(1, "unable to enter capability	mode");
+			}
+#endif
 			e |= unwrap(magic, optarg);
 			++didsomefiles;
 			break;
@@ -403,6 +426,10 @@
 		applyparam(magic);
 	}
 
+	if (!cap_sandboxed() && caph_enter_casper() < 0) {
+		err(1, "unable to enter capability	mode");
+	}
+
 	if (optind == argc) {
 		if (!didsomefiles)
 			usage();
@@ -427,6 +454,9 @@
 	}
 
 out:
+#ifdef HAVE_CAPSICUM
+	fileargs_free(fa);
+#endif
 	if (magic)
 		magic_close(magic);
 	return e;
@@ -503,7 +533,11 @@
 		f = stdin;
 		wid = 1;
 	} else {
+#ifdef HAVE_CAPSICUM
+		if ((f = fileargs_fopen(fa, fn, "r")) == NULL) {
+#else
 		if ((f = fopen(fn, "r")) == NULL) {
+#endif
 			file_warn("Cannot open `%s'", fn);
 			return 1;
 		}
Index: contrib/file/src/fsmagic.c
===================================================================
--- contrib/file/src/fsmagic.c
+++ contrib/file/src/fsmagic.c
@@ -113,6 +113,9 @@
 	ssize_t nch;
 	struct stat tstatbuf;
 #endif
+#ifdef HAVE_CAPSICUM
+	int fd;
+#endif
 
 	if (fn == NULL)
 		return 0;
@@ -122,12 +125,24 @@
 	 * Fstat is cheaper but fails for files you don't have read perms on.
 	 * On 4.2BSD and similar systems, use lstat() to identify symlinks.
 	 */
-#ifdef	S_IFLNK
+#if defined(S_IFLNK) && defined(HAVE_CAPSICUM)
+	fd = fileargs_open(fa, fn);
+	if ((ms->flags & MAGIC_SYMLINK) == 0)
+		ret = fileargs_lstat(fa, fn, sb);
+	else
+		ret = fstat(fd, sb);
+
+#elif defined(S_IFLINK) && !defined(HAVE_CAPSICUM)
 	if ((ms->flags & MAGIC_SYMLINK) == 0)
 		ret = lstat(fn, sb);
 	else
+		ret = stat(fn, sb);
+#elif !defined(S_IFLINK) && defined(HAVE_CAPSICUM)
+	fd = fileargs_open(fa, fn);
+	ret = fstat(fd, sb);
+#else
+	ret = stat(fn, sb);
 #endif
-	ret = stat(fn, sb);	/* don't merge into if; see "ret =" above */
 
 #ifdef WIN32
 	{
Index: contrib/file/src/magic.c
===================================================================
--- contrib/file/src/magic.c
+++ contrib/file/src/magic.c
@@ -436,9 +436,13 @@
 		_setmode(STDIN_FILENO, O_BINARY);
 #endif
 	if (inname != NULL) {
-		int flags = O_RDONLY|O_BINARY|O_NONBLOCK;
 		errno = 0;
+#ifdef HAVE_CAPSICUM
+		if ((fd = fileargs_open(fa, inname)) < 0) {
+#else
+		int flags = O_RDONLY|O_BINARY|O_NONBLOCK;
 		if ((fd = open(inname, flags)) < 0) {
+#endif
 			okstat = stat(inname, &sb) == 0;
 			if (okstat && S_ISFIFO(sb.st_mode))
 				ispipe = 1;
Index: lib/libmagic/Makefile
===================================================================
--- lib/libmagic/Makefile
+++ lib/libmagic/Makefile
@@ -1,6 +1,8 @@
 # $FreeBSD$
 # Copyright (c) David E. O'Brien, 2000-2004, 2006, 2009
 
+.include <src.opts.mk>
+
 PACKAGE=lib${LIB}
 CONTRDIR=	${SRCTOP}/contrib/file
 .PATH: ${CONTRDIR}
@@ -22,7 +24,7 @@
 
 MAGICPATH?=	/usr/share/misc
 
-CFLAGS+= -DMAGIC='"${MAGICPATH}/magic"' -DHAVE_CONFIG_H
+CFLAGS+= -DMAGIC='"${MAGICPATH}/magic"' -DHAVE_CONFIG_H -DHAVE_CAPSICUM
 CFLAGS+= -I${.CURDIR} -I${.OBJDIR} -I${CONTRDIR}/src
 
 WARNS?=		3
@@ -90,3 +92,9 @@
 FILESDIR_libmagic.pc=	${LIBDATADIR}/pkgconfig
 
 .include <bsd.lib.mk>
+
+.if ${MK_CASPER} != "no"
+LIBADD+=	casper
+LIBADD+=	cap_fileargs
+CFLAGS+=	-DWITH_CASPER
+.endif
Index: usr.bin/file/Makefile
===================================================================
--- usr.bin/file/Makefile
+++ usr.bin/file/Makefile
@@ -20,6 +20,8 @@
 #    ever read sources, credits must appear in the documentation.
 # 4. This notice may not be removed or altered.
 
+.include <src.opts.mk>
+
 SRCDIR=	${SRCTOP}/contrib/file
 .PATH: ${SRCDIR}/src
 .PATH: ${SRCDIR}/doc
@@ -28,7 +30,7 @@
 
 MAGICPATH?=	/usr/share/misc
 
-CFLAGS+= -DMAGIC='"${MAGICPATH}/magic"' -DHAVE_CONFIG_H
+CFLAGS+= -DMAGIC='"${MAGICPATH}/magic"' -DHAVE_CONFIG_H -DHAVE_CAPSICUM
 CFLAGS+= -I${SRCTOP}/lib/libmagic
 
 LIBADD=	magic
@@ -38,6 +40,12 @@
 
 CLEANFILES+=	${MAN}
 
+.if ${MK_CASPER} != "no"
+LIBADD+=	casper
+LIBADD+=	cap_fileargs
+CFLAGS+=	-DWITH_CASPER
+.endif 
+
 .include <bsd.prog.mk>
 
 .for mp in ${MAN}