7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -326,10 +326,11 @@
 #define SCF_PROPERTY_RESTART            ((const char *)"restart")
 #define SCF_PROPERTY_RESTARTER          ((const char *)"restarter")
 #define SCF_PROPERTY_RESTART_INTERVAL   ((const char *)"restart_interval")
 #define SCF_PROPERTY_RESTART_ON         ((const char *)"restart_on")
 #define SCF_PROPERTY_RESTORE            ((const char *)"restore")
+#define SCF_PROPERTY_SECFLAGS           ((const char *)"security_flags")
 #define SCF_PROPERTY_SINGLE_INSTANCE    ((const char *)"single_instance")
 #define SCF_PROPERTY_START_METHOD_TIMESTAMP     \
         ((const char *)"start_method_timestamp")
 #define SCF_PROPERTY_START_METHOD_WAITSTATUS    \
         ((const char *)"start_method_waitstatus")