7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -1939,10 +1939,24 @@
         skip_string(adr);       /* privilege set */
         return (-1);
 }
 
 /*
+ * Format of security flags token:
+ *      security flag set               string
+ *      security flags          string
+ */
+
+int
+secflags_token(adr_t *adr)
+{
+        skip_string(adr);       /* set name */
+        skip_string(adr);       /* security flags */
+        return (-1);
+}
+
+/*
  * Format of label token:
  *      label ID                1 byte
  *      compartment length      1 byte
  *      classification          2 bytes
  *      compartment words       <compartment length> * 4 bytes