diff --git a/configure.ac b/configure.ac
index f0c4cc5d..773f9eea 100644
--- a/configure.ac
+++ b/configure.ac
@@ -167,7 +167,7 @@ AC_ARG_ENABLE(gregex,
 	want_gregex=yes)
 
 AC_ARG_WITH(capsicum,
-[  --with-capsicum            Build with Capsicum support],
+[  --with-capsicum         Build with Capsicum support],
 	if test x$withval = xno; then
 		want_capsicum=no
 	else
@@ -526,6 +526,7 @@ AM_CONDITIONAL(BUILD_IRSSIBOT, test "$want_irssibot" = "yes")
 AM_CONDITIONAL(BUILD_IRSSIFUZZER, test "$want_irssifuzzer" = "yes")
 AM_CONDITIONAL(BUILD_IRSSIPROXY, test "$want_irssiproxy" = "yes")
 AM_CONDITIONAL(HAVE_PERL, test "$want_perl" != "no")
+AM_CONDITIONAL(HAVE_CAPSICUM, test "x$want_capsicum" = "xyes")
 AM_CONDITIONAL(USE_GREGEX, test "x$want_gregex" = "xyes")
 
 # move LIBS to PROG_LIBS so they're not tried to be used when linking eg. perl libraries
diff --git a/src/core/Makefile.am b/src/core/Makefile.am
index 91daba3f..f3bc1674 100644
--- a/src/core/Makefile.am
+++ b/src/core/Makefile.am
@@ -56,6 +56,11 @@ libcore_a_SOURCES = \
 	tls.c \
 	write-buffer.c
 
+if HAVE_CAPSICUM
+libcore_a_SOURCES += \
+	capsicum.c
+endif
+
 structure_headers = \
 	channel-rec.h \
 	channel-setup-rec.h \
diff --git a/src/core/capsicum.c b/src/core/capsicum.c
new file mode 100644
index 00000000..702b895a
--- /dev/null
+++ b/src/core/capsicum.c
@@ -0,0 +1,46 @@
+/*
+ capsicum.c : Capsicum sandboxing support
+
+    Copyright (C) 2017 Edward Tomasz Napierala <trasz@FreeBSD.org>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+#include "module.h"
+#include "signals.h"
+#include "commands.h"
+
+#include <sys/capsicum.h>
+#include <string.h>
+
+static void cmd_cap_enter(void)
+{
+	int error;
+
+	error = cap_enter();
+	if (error != 0)
+		g_error("cap_enter(2) failed: %s", strerror(errno));
+}
+
+void capsicum_init(void)
+{
+
+	command_bind("cap_enter", NULL, (SIGNAL_FUNC) cmd_cap_enter);
+}
+
+void capsicum_deinit(void)
+{
+	command_unbind("cap_enter", (SIGNAL_FUNC) cmd_cap_enter);
+}
diff --git a/src/core/capsicum.h b/src/core/capsicum.h
new file mode 100644
index 00000000..75c70080
--- /dev/null
+++ b/src/core/capsicum.h
@@ -0,0 +1,7 @@
+#ifndef __CAPSICUM_H
+#define __CAPSICUM_H
+
+void capsicum_init(void);
+void capsicum_deinit(void);
+
+#endif
diff --git a/src/core/core.c b/src/core/core.c
index bf7cdd6b..72631f91 100644
--- a/src/core/core.c
+++ b/src/core/core.c
@@ -29,6 +29,7 @@
 #include "signals.h"
 #include "settings.h"
 #include "session.h"
+#include "capsicum.h"
 
 #include "chat-protocols.h"
 #include "servers.h"
@@ -235,6 +236,7 @@ void core_init(void)
 	commands_init();
 	nickmatch_cache_init();
         session_init();
+	capsicum_init();
 
 	chat_protocols_init();
 	chatnets_init();
@@ -292,6 +294,7 @@ void core_deinit(void)
 	chatnets_deinit();
 	chat_protocols_deinit();
 
+	capsicum_deinit();
         session_deinit();
         nickmatch_cache_deinit();
 	commands_deinit();