It's very difficult to reason about; for instance, compare the OpenSSH sshd sandbox implementations.
https://github.com/openssh/openssh-portable/blob/master/sshd...
https://github.com/openssh/openssh-portable/blob/master/sand...
https://github.com/openssh/openssh-portable/blob/master/sand...
https://github.com/openssh/openssh-portable/blob/master/sand...
With Capsicum, beyond faffing around with some file descriptors, it's unclear what security cap_enter() adds:
https://github.com/openssh/openssh-portable/blob/master/sand...