7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 70,79 ****
--- 70,80 ----
  EXEC_DATA       ^platform/.*/multiboot$
  
  # Objects that are allowed to have an executable stack
  EXEC_STACK      ^platform/.*/MACH(kernel)/unix$
  EXEC_STACK      ^platform/.*/multiboot$
+ EXEC_STACK      ^opt/os-tests/tests/secflags/stacky$
  
  # Objects for which we allow relocations to the text segment
  TEXTREL         ^platform/.*/MACH(kernel)/unix$
  
  # Directories and files that are allowed to have no direct bound symbols