diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
index 08a704d904b1..e0721a223eae 100644
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@@ -2560,7 +2560,7 @@ fget_cap_locked(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
 	}
 
 #ifdef CAPABILITIES
-	error = cap_check(cap_rights_fde(fde), needrightsp);
+	error = cap_check(cap_rights_fde_inline(fde), needrightsp);
 	if (error != 0)
 		goto out;
 #endif
@@ -2651,7 +2651,7 @@ fget_unlocked(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
 #ifdef CAPABILITIES
 		seq = seq_read(fd_seq(fdt, fd));
 		fde = &fdt->fdt_ofiles[fd];
-		haverights = *cap_rights_fde(fde);
+		haverights = *cap_rights_fde_inline(fde);
 		fp = fde->fde_file;
 		if (!seq_consistent(fd_seq(fdt, fd), seq))
 			continue;
diff --git a/sys/kern/sys_capability.c b/sys/kern/sys_capability.c
index 643f6bfa8a43..f2dd750bffa9 100644
--- a/sys/kern/sys_capability.c
+++ b/sys/kern/sys_capability.c
@@ -208,7 +208,7 @@ const cap_rights_t *
 cap_rights_fde(const struct filedescent *fdep)
 {
 
-	return (&fdep->fde_rights);
+	return (cap_rights_fde_inline(fdep));
 }
 
 const cap_rights_t *
diff --git a/sys/sys/capsicum.h b/sys/sys/capsicum.h
index e85ef75eeec5..af624f89e7a0 100644
--- a/sys/sys/capsicum.h
+++ b/sys/sys/capsicum.h
@@ -465,7 +465,13 @@ u_char	cap_rights_to_vmprot(const cap_rights_t *havep);
 /*
  * For the purposes of procstat(1) and similar tools, allow kern_descrip.c to
  * extract the rights from a capability.
+ *
+ * Dereferencing fdep requires filedesc.h, but including it would cause
+ * significant pollution. Instead add a macro for consumers which want it,
+ * most notably kern_descrip.c.
  */
+#define cap_rights_fde_inline(fdep)	(&(fdep)->fde_rights)
+
 const cap_rights_t	*cap_rights_fde(const struct filedescent *fde);
 const cap_rights_t	*cap_rights(struct filedesc *fdp, int fd);