7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -96,10 +96,11 @@
 extern void     s5_IPC_perm_token(adr_t *, parse_context_t *);
 extern void     group_token();
 extern void     label_token(adr_t *, parse_context_t *);
 extern void     privilege_token(adr_t *, parse_context_t *);
 extern void     useofpriv_token(adr_t *, parse_context_t *);
+extern void     secflags_token(adr_t *, parse_context_t *);
 extern void     zonename_token(adr_t *, parse_context_t *);
 extern void     liaison_token(adr_t *, parse_context_t *);
 extern void     newgroup_token(adr_t *, parse_context_t *);
 extern void     exec_args_token(adr_t *, parse_context_t *);
 extern void     exec_env_token(adr_t *, parse_context_t *);