7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 1939,1948 ****
--- 1939,1962 ----
          skip_string(adr);       /* privilege set */
          return (-1);
  }
  
  /*
+  * Format of security flags token:
+  *      security flag set               string
+  *      security flags          string
+  */
+ 
+ int
+ secflags_token(adr_t *adr)
+ {
+         skip_string(adr);       /* set name */
+         skip_string(adr);       /* security flags */
+         return (-1);
+ }
+ 
+ /*
   * Format of label token:
   *      label ID                1 byte
   *      compartment length      1 byte
   *      classification          2 bytes
   *      compartment words       <compartment length> * 4 bytes