One of the rather interesting features of FreeBSD 10 should be Capsicum. It has been shipping since 9.0 but wasn't enabled by default. It should be enabled by default in 10.0 and ship along with Capsicum enhanced applications.

Capsicum uses capabilities (not traditional POSIX capabilities) for security and sandboxing rather than the legacy UNIX MAC and DAC model.

This offers increased flexibility and reliability for defining security policies.

Anyone interested can read further: http://www.cl.cam.ac.uk/research/security/capsicum/

is osx itself compiled with LLVM or GCC. and if so, since when?

It is worth noting that Apple uses Capsiculum in iOS to sandbox software from the App Store.

Are you sure about this? I did a google search and found nothing that confirms this. All references point to Apple using something called seatbelt for sandboxing apps in the iOS.

Could you provide a reference?

No, apple does not use capsicum to secure iOS. Capsicum is still really young and still being heavily worked on. It's not yet ready for production usage, but it might become ready in the near future. Capsicum would need the iOS app to be re-written to benefit capsicum sandboxing, just like any other application : it's not a transparent security mechanism like MAC (Selinux, apparmaor, etc).

But this is true that apple use a security mechanism developped for freeBSD by the Trusted BSD project, the same project from which capsicum comes from http://www.trustedbsd.org/. Apple uses the classic MAC approach for sandboxing, but it's still too weak and can be escaped more easily than a more fine grained mechanism like capsicum.