7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -37,10 +37,11 @@
 
 #include <sys/shm.h>    /* for shmid_ds structure */
 #include <sys/sem.h>    /* for semid_ds structure */
 #include <sys/msg.h>    /* for msqid_ds structure */
 #include <sys/atomic.h> /* using atomics */
+#include <sys/secflags.h>
 
 /*
  * Audit conditions, statements reguarding what's to be done with
  * audit records.  None of the "global state" is returned by an
  * auditconfig -getcond call.  AUC_NOSPACE no longer seems used.
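Review bot: The added `#include <sys/secflags.h>` is the only include in this run without a trailing comment naming what it is pulled in for. It appears to be needed for the types used by the new `audit_psecflags` prototype later in this header, so I would write it as `#include <sys/secflags.h> /* for psecflagwhich_t, secflagdelta_t */`, matching the lines above it. That also makes it obvious the include can go if the prototype ever moves.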

@@ -588,10 +589,12 @@
 void    audit_ipcget(int, void *);
 void    audit_fdsend(int, struct file *, int);
 void    audit_fdrecv(int, struct file *);
 void    audit_priv(int, const struct priv_set *, int);
 void    audit_setppriv(int, int, const struct priv_set *, const cred_t *);
+void    audit_psecflags(proc_t *, psecflagwhich_t,
+    const secflagdelta_t *);
 void    audit_devpolicy(int, const struct devplcysys *);
 void    audit_update_context(proc_t *, cred_t *);
 void    audit_kssl(int, void *, int);
 void    audit_pf_policy(int, cred_t *, netstack_t *, char *, boolean_t, int,
     pid_t);
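Review bot: The new `audit_psecflags` prototype has no comment saying at what point in a secflags change the hook runs, and for an audit hook on exploit-mitigation flags that is what a caller needs to know. From the declaration alone one cannot tell whether it records the requested delta before validation or only a change that was applied, so a denied attempt to clear a flag may or may not leave an audit record. I would add a short comment above it, e.g. `/* audit a secflags change: target process, which flag set, requested delta */`, and state there whether failed requests are audited. The neighbouring prototypes are uncommented as well, so this is a documentation suggestion and not a defect; the implementation is outside this hunk.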