7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 119,128 ****
--- 119,129 ----
  #define AUT_EXEC_ARGS           ((char)0x3C)
  #define AUT_EXEC_ENV            ((char)0x3D)
  #define AUT_ATTR32              ((char)0x3E)
  #define AUT_UAUTH               ((char)0x3F)
  #define AUT_ZONENAME            ((char)0x60)    /* out of order */
+ #define AUT_SECFLAGS            ((char)0x62)    /* out of order */
  
  /*
   * X windows token types
   */
  
*** 296,305 ****
--- 297,307 ----
  token_t *au_to_sock_inet(struct sockaddr_in *);
  token_t *au_to_exec_args(const char *, ssize_t);
  token_t *au_to_exec_env(const char *, ssize_t);
  token_t *au_to_label(bslabel_t *);
  token_t *au_to_privset(const char *, const priv_set_t *, char, int);
+ token_t *au_to_secflags(const char *, secflagset_t);
  
  void    au_uwrite();
  void    au_close(au_kcontext_t *, caddr_t *, int, au_event_t, au_emod_t,
      timestruc_t *);
  void    au_close_defer(token_t *, int, au_event_t, au_emod_t, timestruc_t *);