7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -39,10 +39,12 @@
 #include <dlfcn.h>
 #include <libld.h>
 #include <sgs.h>
 #include <sgsmsg.h>
 
+#include <sys/secflags.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
 /*

@@ -323,10 +325,16 @@
 typedef union {
         Conv_inv_buf_t                  inv_buf;
         char                            buf[CONV_CNOTE_PROC_FLAG_BUFSIZE];
 } Conv_cnote_proc_flag_buf_t;
 
+/* conv_prsecflags() */
+#define CONV_PRSECFLAGS_BUFSIZE         57
+typedef union {
+        Conv_inv_buf_t                  inv_buf;
+        char                            buf[CONV_PRSECFLAGS_BUFSIZE];
+} Conv_secflags_buf_t;
 
 /* conv_cnote_sigset() */
 #define CONV_CNOTE_SIGSET_BUFSIZE       639
 typedef union {
         Conv_inv_buf_t                  inv_buf;

@@ -820,10 +828,12 @@
                             Conv_inv_buf_t *);
 extern  const char      *conv_cnote_pr_why(short, Conv_fmt_flags_t,
                             Conv_inv_buf_t *);
 extern  const char      *conv_cnote_priv(int, Conv_fmt_flags_t,
                             Conv_inv_buf_t *);
+extern  const char      *conv_prsecflags(secflagset_t, Conv_fmt_flags_t,
+                            Conv_secflags_buf_t *);
 extern  const char      *conv_cnote_psetid(int, Conv_fmt_flags_t,
                             Conv_inv_buf_t *);
 extern  const char      *conv_cnote_sa_flags(int, Conv_fmt_flags_t,
                             Conv_cnote_sa_flags_buf_t *);
 extern  const char      *conv_cnote_signal(Word, Conv_fmt_flags_t,