uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it

*** 45,54 ****
--- 45,55 ----
  #include <sys/avl.h>
  #include <sys/rctl.h>
  #include <sys/list.h>
  #include <sys/avl.h>
  #include <sys/door_impl.h>
+ #include <sys/secflags.h>
  
  #ifdef  __cplusplus
  extern "C" {
  #endif
  
*** 345,354 ****
--- 346,356 ----
          uintptr_t       p_portcnt;      /* event ports counter */
          struct zone     *p_zone;        /* zone in which process lives */
          struct vnode    *p_execdir;     /* directory that p_exec came from */
          struct brand    *p_brand;       /* process's brand  */
          void            *p_brand_data;  /* per-process brand state */
+         psecflags_t     p_secflags;     /* per-process security flags */
  
          /* additional lock to protect p_sessp (but not its contents) */
          kmutex_t p_splock;
          rctl_qty_t      p_locked_mem;   /* locked memory charged to proc */
                                          /* protected by p_lock */
*** 782,791 ****
--- 784,800 ----
  #else
  #define LWP_MMODEL_NEWLWP()
  #define LWP_MMODEL_SHARED_AS(addr, sz)
  #endif
  
+ /* Security flag manipulation */
+ extern boolean_t secflag_enabled(proc_t *, uint_t);
+ extern void secflag_set(proc_t *, uint_t);
+ extern void secflag_enable(proc_t *, uint_t);
+ extern void secflag_disable(proc_t *, uint_t);
+ extern void secflag_promote(proc_t *);
+ 
  /*
   * Signal queue function prototypes. Must be here due to header ordering
   * dependencies.
   */
  extern void sigqfree(proc_t *);