diff --git a/lib/libcasper/libcasper/libcasper.3 b/lib/libcasper/libcasper/libcasper.3
--- a/lib/libcasper/libcasper/libcasper.3
+++ b/lib/libcasper/libcasper/libcasper.3
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd September 6, 2023
+.Dd December 6, 2023
 .Dt LIBCASPER 3
 .Os
 .Sh NAME
@@ -94,7 +94,6 @@
 .Fn cap_init
 function instantiates a capability to allow a program to access
 the casper daemon.
-It must be called from a single-threaded context.
 .Pp
 The
 .Fn cap_wrap
@@ -235,6 +234,21 @@
 .Xr syslog 3
 compatible API
 .El
+.Pp
+.Fn cap_init
+must be called from a single-threaded context.
+.Fn cap_clone ,
+.Fn cap_close ,
+.Fn cap_limit_get ,
+.Fn cap_limit_set ,
+.Fn cap_send_nvlist ,
+.Fn cap_recv_nvlist ,
+and
+.Fn cap_service_open
+are reentrant but not thread-safe.
+That is, they may be called from separate threads only with different
+.Vt cap_channel_t
+arguments or with synchronization.
 .Sh RETURN VALUES
 The
 .Fn cap_clone ,
diff --git a/lib/libcasper/services/cap_net/cap_net.3 b/lib/libcasper/services/cap_net/cap_net.3
--- a/lib/libcasper/services/cap_net/cap_net.3
+++ b/lib/libcasper/services/cap_net/cap_net.3
@@ -21,7 +21,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd December 5, 2023
+.Dd December 6, 2023
 .Dt CAP_NET 3
 .Os
 .Sh NAME
@@ -84,22 +84,31 @@
 The functions
 .Fn cap_bind ,
 .Fn cap_connect ,
+.Fn cap_getaddrinfo ,
+.Fn cap_getnameinfo ,
 .Fn cap_gethostbyname ,
 .Fn cap_gethostbyname2 ,
-.Fn cap_gethostbyaddr
 and
-.Fn cap_getnameinfo
+.Fn cap_gethostbyaddr
 provide a set of APIs equivalent to
 .Xr bind 2 ,
 .Xr connect 2 ,
+.Xr getaddrinfo 3 ,
+.Xr getnameinfo 3 ,
 .Xr gethostbyname 3 ,
 .Xr gethostbyname2 3 ,
-.Xr gethostbyaddr 3
 and
-.Xr getnameinfo 3
+.Xr gethostbyaddr 3
 except that a connection to the
 .Nm system.net
 service needs to be provided.
+.Pp
+These functions, as well as
+.Fn cap_net_limit ,
+are reentrant but not thread-safe.
+That is, they may be called from separate threads only with different
+.Vt cap_channel_t
+arguments or with synchronization.
 .Sh LIMITS
 By default, the cap_net capability provides unrestricted access to the network
 namespace.