Attaching file descriptors to processes with CLONE_FD

It turns out that implementation-wise, the process descriptor parts of Capsicum are fairly orthogonal to the capabilities/capability-mode parts of it. (For example, I keep a topic branch in my git repo for each, and merging the two branches together only requires 3 small diffs, basically adding the Capsicum rights checks for CAP_PDGETPID/CAP_PDKILL/CAP_PDWAIT.)

And, as is pointed out above, Josh and Thiago have been very receptive to making sure that the FreeBSD process descriptor primitives can be implemented in terms of the clonefd functionality (and future extensions to it). So I'm optimistic that we're going to end up with the best of both worlds -- clonefd functionality as a Linux primitive that can be lightly-wrapped to be compatible with the FreeBSD process descriptor API.