Capsicum is designed specifically to provide better security capabilities on Unix and Unix-derived systems. Researchers from Google and the University of Cambridge in England have developed a new sandboxing framework called Capsicum. The framework extends the POSIX API and introduces a number of new Unix primitives that are meant to isolate applications and users and to handle rights delegation in a better way. Sandboxing, which separates applications from the OS so that malicious code exploiting a vulnerability cannot affect multiple programs, has become a popular technique for addressing this problem.
Source: https://threatpost.com/researchers-release-capsicum-new-sandbox-framework-081210/74324/

