7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 543,552 ****
--- 543,561 ----
  the project attribute.
                                          </loctext>
                                  </description>
                                  <cardinality min='1' max='1'/>
                          </prop_pattern>
+                         <prop_pattern name='security_flags' type='astring'
+                             required='false'>
+                                 <description>
+                                         <loctext xml:lang='C'>
+ An optional string specifying the security flags as defined in security-flags(5).
+                                         </loctext>
+                                 </description>
+                                 <cardinality min='1' max='1'/>
+                         </prop_pattern>
  
                          <!-- method_credential properties -->
                          <prop_pattern name='user' type='astring'
                              required='false'>
                                  <description>