diff --git a/modules/programs/default.nix b/modules/programs/default.nix
index e20c845c6..a140031c5 100644
--- a/modules/programs/default.nix
+++ b/modules/programs/default.nix
@@ -216,7 +216,7 @@ let
         '';
       };
       sandbox.method = mkOption {
-        type = types.nullOr (types.enum [ "bwrap" "firejail" "landlock" ]);
+        type = types.nullOr (types.enum [ "bwrap" "capshonly" "firejail" "landlock" ]);
         default = null;  #< TODO: default to something non-null
         description = ''
           how/whether to sandbox all binaries in the package.