Index: sys/kern/kern_kexec.c
===================================================================
--- sys/kern/kern_kexec.c
+++ sys/kern/kern_kexec.c
@@ -341,8 +341,19 @@ sys_kexec_load(struct thread *td, struct kexec_load_args *uap)
 {
 int error;
-
- // FIXME: Do w need a better privilege check than PRIV_REBOOT here?
+/*
+* XXX: Is PRIV_REBOOT sufficient here?
+*
+* Loading a new kernel image via kexec_load() is a more powerful operation
+* than a traditional reboot, as it allows replacing the running kernel
+* without returning to firmware or the bootloader.
+*
+* The current use of PRIV_REBOOT relies on the system security policy
+* (e.g., MAC frameworks, jail restrictions) to further constrain access
+* where appropriate. A more specific privilege (e.g., kexec-specific)
+* could provide finer-grained control in environments requiring stricter
+* separation of administrative capabilities.
+*/
 error = priv_check(td, PRIV_REBOOT);
 if (error != 0)
 return (error);