Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 361,370 ****
--- 361,376 ----
             Allows all that PRIV_PROC_PRIOUP allows.  Allow a process to change
             its scheduling class to any scheduling class, including the RT
             class.
  
  
+        PRIV_PROC_SECFLAGS
+ 
+            Allow a process to manipulate the secflags of processes (subject
+            to, additionally, the ability to signal that process).
+ 
+ 
         PRIV_PROC_SESSION
  
             Allow a process to send signals or trace processes outside its
             session.
  
*** 917,922 ****
  
         System Administration Guide: Security Services
  
  
  
!                                  April 9, 2016                   PRIVILEGES(5)
--- 923,928 ----
  
         System Administration Guide: Security Services
  
  
  
!                                  June 6, 2016                    PRIVILEGES(5)