# 16.12.Capsicum

Capsicum 是一款轻量级的操作系统能力和沙盒框架，实现了一个混合能力系统模型。能力是不可伪造的授权令牌，可以被委托，并且必须在执行操作时提供。Capsicum 将文件描述符转化为能力。

Capsicum 可用于应用程序和库的隔离，将较大软件体块分解成独立的（沙盒化的）组件，从而实施安全策略并限制软件漏洞的影响。


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://handbook.bsdcn.org/di-16-zhang-an-quan/16.12.-capsicum.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.