diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock
index 791fa88d8..633159b91 100644
--- a/src/agent/Cargo.lock
+++ b/src/agent/Cargo.lock
@@ -117,6 +117,16 @@ version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b700ce4376041dcd0a327fd0097c41095743c4c8af8887265942faf1100bd040"
 
+[[package]]
+name = "capctl"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "eea0d91a34c56f0a0779e1cc2ec7040fa7f672819c4d3fe7d9dd4af3d2e78aca"
+dependencies = [
+ "bitflags",
+ "libc",
+]
+
 [[package]]
 name = "caps"
 version = "0.5.2"
@@ -471,6 +481,7 @@ version = "0.1.0"
 dependencies = [
  "anyhow",
  "async-trait",
+ "capctl",
  "cgroups-rs",
  "futures",
  "ipnetwork",
@@ -482,7 +493,6 @@ dependencies = [
  "netlink-sys",
  "nix 0.17.0",
  "oci",
- "prctl",
  "procfs",
  "prometheus",
  "protobuf",
@@ -865,16 +875,6 @@ version = "0.2.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ac74c624d6b2d21f425f752262f42188365d7b8ff1aff74c82e45136510a4857"
 
-[[package]]
-name = "prctl"
-version = "1.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "059a34f111a9dee2ce1ac2826a68b24601c4298cfeb1a587c3cb493d5ab46f52"
-dependencies = [
- "libc",
- "nix 0.20.0",
-]
-
 [[package]]
 name = "proc-macro-hack"
 version = "0.5.19"
@@ -1159,6 +1159,7 @@ version = "0.1.0"
 dependencies = [
  "anyhow",
  "async-trait",
+ "capctl",
  "caps",
  "cgroups-rs",
  "futures",
@@ -1168,7 +1169,6 @@ dependencies = [
  "nix 0.17.0",
  "oci",
  "path-absolutize",
- "prctl",
  "protobuf",
  "protocols",
  "regex",
diff --git a/src/agent/Cargo.toml b/src/agent/Cargo.toml
index 6f292dcc3..47df6eaee 100644
--- a/src/agent/Cargo.toml
+++ b/src/agent/Cargo.toml
@@ -14,7 +14,7 @@ ttrpc = { version = "0.5.0", features = ["async", "protobuf-codec"], default-fea
 protobuf = "=2.14.0"
 libc = "0.2.58"
 nix = "0.17.0"
-prctl = "1.0.0"
+capctl = "0.2.0"
 serde_json = "1.0.39"
 scan_fmt = "0.2.3"
 scopeguard = "1.0.0"
diff --git a/src/agent/rustjail/Cargo.toml b/src/agent/rustjail/Cargo.toml
index 9d65edbf8..5b66b043a 100644
--- a/src/agent/rustjail/Cargo.toml
+++ b/src/agent/rustjail/Cargo.toml
@@ -13,7 +13,7 @@ protocols = { path ="../protocols" }
 caps = "0.5.0"
 nix = "0.17.0"
 scopeguard = "1.0.0"
-prctl = "1.0.0"
+capctl = "0.2.0"
 lazy_static = "1.3.0"
 libc = "0.2.58"
 protobuf = "=2.14.0"
diff --git a/src/agent/rustjail/src/container.rs b/src/agent/rustjail/src/container.rs
index 3546ee957..f55878ce1 100644
--- a/src/agent/rustjail/src/container.rs
+++ b/src/agent/rustjail/src/container.rs
@@ -469,7 +469,7 @@ fn do_init_child(cwfd: RawFd) -> Result<()> {
     // Ref: https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5
     //
     if !nses.is_empty() {
-        prctl::set_dumpable(false)
+        capctl::prctl::set_dumpable(false)
             .map_err(|e| anyhow!(e).context("set process non-dumpable failed"))?;
     }
 
@@ -602,7 +602,7 @@ fn do_init_child(cwfd: RawFd) -> Result<()> {
 
     // NoNewPeiviledges, Drop capabilities
     if oci_process.no_new_privileges {
-        prctl::set_no_new_privileges(true).map_err(|_| anyhow!("cannot set no new privileges"))?;
+        capctl::prctl::set_no_new_privs().map_err(|_| anyhow!("cannot set no new privileges"))?;
     }
 
     if oci_process.capabilities.is_some() {
@@ -1314,7 +1314,7 @@ fn write_mappings(logger: &Logger, path: &str, maps: &[LinuxIdMapping]) -> Resul
 
 fn setid(uid: Uid, gid: Gid) -> Result<()> {
     // set uid/gid
-    prctl::set_keep_capabilities(true)
+    capctl::prctl::set_keepcaps(true)
         .map_err(|e| anyhow!(e).context("set keep capabilities returned"))?;
 
     {
@@ -1328,7 +1328,7 @@ fn setid(uid: Uid, gid: Gid) -> Result<()> {
         capabilities::reset_effective()?;
     }
 
-    prctl::set_keep_capabilities(false)
+    capctl::prctl::set_keepcaps(false)
         .map_err(|e| anyhow!(e).context("set keep capabilities returned"))?;
 
     Ok(())
diff --git a/src/agent/rustjail/src/lib.rs b/src/agent/rustjail/src/lib.rs
index c0c66cb78..b9fadd403 100644
--- a/src/agent/rustjail/src/lib.rs
+++ b/src/agent/rustjail/src/lib.rs
@@ -23,7 +23,7 @@ extern crate caps;
 extern crate protocols;
 #[macro_use]
 extern crate scopeguard;
-extern crate prctl;
+extern crate capctl;
 #[macro_use]
 extern crate lazy_static;
 extern crate libc;
diff --git a/src/agent/src/main.rs b/src/agent/src/main.rs
index 595951bc5..cab67edcb 100644
--- a/src/agent/src/main.rs
+++ b/src/agent/src/main.rs
@@ -5,8 +5,8 @@
 
 #[macro_use]
 extern crate lazy_static;
+extern crate capctl;
 extern crate oci;
-extern crate prctl;
 extern crate prometheus;
 extern crate protocols;
 extern crate regex;
diff --git a/src/agent/src/signal.rs b/src/agent/src/signal.rs
index 7f823b2f1..cde54af5e 100644
--- a/src/agent/src/signal.rs
+++ b/src/agent/src/signal.rs
@@ -6,10 +6,10 @@
 
 use crate::sandbox::Sandbox;
 use anyhow::{anyhow, Result};
+use capctl::prctl::set_subreaper;
 use nix::sys::wait::WaitPidFlag;
 use nix::sys::wait::{self, WaitStatus};
 use nix::unistd;
-use prctl::set_child_subreaper;
 use slog::{error, info, o, Logger};
 use std::sync::Arc;
 use tokio::select;
@@ -88,7 +88,7 @@ pub async fn setup_signal_handler(
 ) -> Result<()> {
     let logger = logger.new(o!("subsystem" => "signals"));
 
-    set_child_subreaper(true)
+    set_subreaper(true)
         .map_err(|err| anyhow!(err).context("failed to setup agent as a child subreaper"))?;
 
     let mut sigchild_stream = signal(SignalKind::child())?;
diff --git a/tools/agent-ctl/Cargo.lock b/tools/agent-ctl/Cargo.lock
index 0751394c8..a52c722d3 100644
--- a/tools/agent-ctl/Cargo.lock
+++ b/tools/agent-ctl/Cargo.lock
@@ -116,6 +116,16 @@ version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b700ce4376041dcd0a327fd0097c41095743c4c8af8887265942faf1100bd040"
 
+[[package]]
+name = "capctl"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "eea0d91a34c56f0a0779e1cc2ec7040fa7f672819c4d3fe7d9dd4af3d2e78aca"
+dependencies = [
+ "bitflags",
+ "libc",
+]
+
 [[package]]
 name = "caps"
 version = "0.5.2"
@@ -710,16 +720,6 @@ version = "0.2.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ac74c624d6b2d21f425f752262f42188365d7b8ff1aff74c82e45136510a4857"
 
-[[package]]
-name = "prctl"
-version = "1.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "059a34f111a9dee2ce1ac2826a68b24601c4298cfeb1a587c3cb493d5ab46f52"
-dependencies = [
- "libc",
- "nix 0.20.0",
-]
-
 [[package]]
 name = "proc-macro-hack"
 version = "0.5.19"
@@ -992,6 +992,7 @@ version = "0.1.0"
 dependencies = [
  "anyhow",
  "async-trait",
+ "capctl",
  "caps",
  "cgroups-rs",
  "futures",
@@ -1001,7 +1002,6 @@ dependencies = [
  "nix 0.17.0",
  "oci",
  "path-absolutize",
- "prctl",
  "protobuf",
  "protocols",
  "regex",