7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -88,13 +88,14 @@
 #define RT_PCAP         24
 #define RT_HOSTID       25      /* really a property, but for info ... */
 #define RT_ADMIN        26
 #define RT_FS_ALLOWED   27
 #define RT_MAXPROCS     28      /* really a rctl alias property, but for info */
+#define RT_SECFLAGS     29
 
 #define RT_MIN          RT_UNKNOWN
-#define RT_MAX          RT_MAXPROCS
+#define RT_MAX          RT_SECFLAGS
 
 /* property types: increment PT_MAX when expanding this list */
 #define PT_UNKNOWN      0
 #define PT_ZONENAME     1
 #define PT_ZONEPATH     2

@@ -135,13 +136,16 @@
 #define PT_USER         37
 #define PT_AUTHS        38
 #define PT_FS_ALLOWED   39
 #define PT_MAXPROCS     40
 #define PT_ALLOWED_ADDRESS      41
+#define PT_DEFAULT      42
+#define PT_LOWER        43
+#define PT_UPPER        44
 
 #define PT_MIN          PT_UNKNOWN
-#define PT_MAX          PT_ALLOWED_ADDRESS
+#define PT_MAX          PT_UPPER
 
 #define MAX_EQ_PROP_PAIRS       3
 
 #define PROP_VAL_SIMPLE         0
 #define PROP_VAL_COMPLEX        1