7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 96,105 ****
--- 96,106 ----
  extern void     s5_IPC_perm_token(adr_t *, parse_context_t *);
  extern void     group_token();
  extern void     label_token(adr_t *, parse_context_t *);
  extern void     privilege_token(adr_t *, parse_context_t *);
  extern void     useofpriv_token(adr_t *, parse_context_t *);
+ extern void     secflags_token(adr_t *, parse_context_t *);
  extern void     zonename_token(adr_t *, parse_context_t *);
  extern void     liaison_token(adr_t *, parse_context_t *);
  extern void     newgroup_token(adr_t *, parse_context_t *);
  extern void     exec_args_token(adr_t *, parse_context_t *);
  extern void     exec_env_token(adr_t *, parse_context_t *);