Unix 'capabilities' (before Capsicum, iirc) were a different thing with the same name. Confusing. Unix actually does have a different construct that is like a classical capability: an open file descriptor that you can send to another process over a Unix domain socket.