--- configure.in.orig	2006-11-15 07:43:56.000000000 +0400
+++ configure.in	2014-12-12 00:01:00.000000000 +0400
@@ -110,6 +110,34 @@ else
    USE_IPv6="0"
 fi
 
+AC_ARG_ENABLE(capsicum,
+[  --enable-capsicum           enable capsicum support],
+[
+  use_capsicum="$enableval"
+],
+[ 
+  use_capsicum="no"
+])  
+
+#
+# Check whether various functions are available.  If any are, set
+# ac_lbl_capsicum_function_seen to yes; if any are not, set
+# ac_lbl_capsicum_function_not_seen to yes.
+#
+# All of them must be available in order to enable capsicum sandboxing.
+#
+if test $use_capsicum = yes && test $use_capsicum != no ; then
+	AC_CHECK_FUNCS(cap_enter cap_rights_limit cap_ioctls_limit openat,
+	    ac_lbl_capsicum_function_seen=yes,
+	    ac_lbl_capsicum_function_not_seen=yes)
+fi
+AC_MSG_CHECKING([whether to sandbox using capsicum])
+if test "x$ac_lbl_capsicum_function_seen" = "xyes" -a "x$ac_lbl_capsicum_function_not_seen" != "xyes"; then
+	HAVE_CAPSICUM="1"
+	AC_MSG_RESULT(yes)
+else
+	AC_MSG_RESULT(no)
+fi
 
 dnl
 dnl Configure the regular expression library.
@@ -390,6 +418,7 @@ AC_DEFINE_UNQUOTED(USE_PCAP_RESTART,    
 
 AC_DEFINE_UNQUOTED(USE_PCRE,                  $USE_PCRE,                  [whether to use PCRE (default GNU Regex)])
 AC_DEFINE_UNQUOTED(USE_IPv6,                  $USE_IPv6,                  [whether to use IPv6 (default off)])
+AC_DEFINE_UNQUOTED(HAVE_CAPSICUM,	      $HAVE_CAPSICUM,		  [whether to use capsicum])
 
 AC_DEFINE_UNQUOTED(USE_DROPPRIVS,             $USE_DROPPRIVS,             [whether to use privileges dropping (default yes)])
 AC_DEFINE_UNQUOTED(DROPPRIVS_USER,           "$DROPPRIVS_USER",           [pseudo-user for running ngrep (default "nobody")])