uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it

@@ -1726,10 +1726,23 @@
 secpolicy_pset(const cred_t *cr)
 {
         return (PRIV_POLICY(cr, PRIV_SYS_RES_CONFIG, B_FALSE, EPERM, NULL));
 }
 
+/* Process security flags */
+int
+secpolicy_psecflags(const cred_t *cr, proc_t *tp, proc_t *sp)
+{
+        if (PRIV_POLICY(cr, PRIV_PROC_SECFLAGS, B_FALSE, EPERM, NULL) != 0)
+                return (EPERM);
+
+        if (!prochasprocperm(tp, sp, cr))
+                return (EPERM);
+
+        return (0);
+}
+
 /*
  * Processor set binding.
  */
 int
 secpolicy_pbind(const cred_t *cr)