7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -1355,10 +1355,11 @@
 @ MSG_ARG_CYL           "-YL"
 @ MSG_ARG_CYP           "-YP"
 @ MSG_ARG_CYU           "-YU"
 @ MSG_ARG_Z             "-z"
 @ MSG_ARG_ZDEFNODEF     "-z[defs|nodefs]"
+@ MSG_ARG_ZASLR         "-zaslr"
 @ MSG_ARG_ZGUIDE        "-zguidance"
 @ MSG_ARG_ZNODEF        "-znodefs"
 @ MSG_ARG_ZNOINTERP     "-znointerp"
 @ MSG_ARG_ZRELAXRELOC   "-zrelaxreloc"
 @ MSG_ARG_ZNORELAXRELOC "-znorelaxreloc"

@@ -1371,10 +1372,11 @@
 @ MSG_ARG_ZSYMBOLCAP    "-zsymbolcap"
 @ MSG_ARG_ZFATWNOFATW   "-z[fatal-warnings|nofatalwarnings]"
 
 @ MSG_ARG_ABSEXEC       "absexec"
 @ MSG_ARG_ALTEXEC64     "altexec64"
+@ MSG_ARG_ASLR          "aslr"
 @ MSG_ARG_NOCOMPSTRTAB  "nocompstrtab"
 @ MSG_ARG_GROUPPERM     "groupperm"
 @ MSG_ARG_NOGROUPPERM   "nogroupperm"
 @ MSG_ARG_LAZYLOAD      "lazyload"
 @ MSG_ARG_NOLAZYLOAD    "nolazyload"

@@ -1471,10 +1473,13 @@
 @ MSG_ARG_T_WHOLEARC    "-whole-archive"
 @ MSG_ARG_T_WRAP        "-wrap"
 @ MSG_ARG_T_OPAR        "("
 @ MSG_ARG_T_CPAR        ")"
 
+@ MSG_ARG_ENABLED       "enabled"
+@ MSG_ARG_DISABLED      "disabled"
+
 # -z guidance=item strings
 @ MSG_ARG_GUIDE_DELIM           ",: \t"
 @ MSG_ARG_GUIDE_NO_ALL          "noall"
 @ MSG_ARG_GUIDE_NO_DEFS         "nodefs"
 @ MSG_ARG_GUIDE_NO_DIRECT       "nodirect"