diff --git a/sys/kern/kern_kexec.c b/sys/kern/kern_kexec.c
--- a/sys/kern/kern_kexec.c
+++ b/sys/kern/kern_kexec.c
@@ -342,7 +342,19 @@
 {
 	int error;
 
-	// FIXME: Do w need a better privilege check than PRIV_REBOOT here?
+/*
+ * XXX: Is PRIV_REBOOT sufficient here?
+ *
+ * Loading a new kernel image via kexec_load() is a more powerful operation
+ * than a traditional reboot, as it allows replacing the running kernel
+ * without returning to firmware or the bootloader.
+ *
+ * The current use of PRIV_REBOOT relies on the system security policy
+ * (e.g., MAC frameworks, jail restrictions) to further constrain access
+ * where appropriate. A more specific privilege (e.g., kexec-specific)
+ * could provide finer-grained control in environments requiring stricter
+ * separation of administrative capabilities.
+ */
 	error = priv_check(td, PRIV_REBOOT);
 	if (error != 0)
 		return (error);
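Review bot: The new comment block sits at column 0 inside the body of a tab-indented function (its opening `{` is the hunk's first context line; the signature itself is outside the hunk), so per style(9) every line of it should be indented by one tab to match the `error = priv_check(td, PRIV_REBOOT);` line it annotates. The comment otherwise only restates, at greater length, the question the removed FIXME already asked; if the gap is real, the actionable follow-ups are the kexec-specific privilege constant the comment itself suggests and — unless kexec_load() already does this somewhere outside the hunk — a securelevel check comparable to the one kernel module loading performs via `securelevel_gt()`, since an image loaded here replaces the running kernel without a firmware round-trip. Keeping a one-line `XXX` marker at the check and moving the rationale into the function's header comment would keep the privilege check itself easy to audit.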