7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 37,46 ****
--- 37,47 ----
  
  #include <sys/shm.h>    /* for shmid_ds structure */
  #include <sys/sem.h>    /* for semid_ds structure */
  #include <sys/msg.h>    /* for msqid_ds structure */
  #include <sys/atomic.h> /* using atomics */
+ #include <sys/secflags.h>
  
  /*
   * Audit conditions, statements reguarding what's to be done with
   * audit records.  None of the "global state" is returned by an
   * auditconfig -getcond call.  AUC_NOSPACE no longer seems used.
*** 588,597 ****
--- 589,600 ----
  void    audit_ipcget(int, void *);
  void    audit_fdsend(int, struct file *, int);
  void    audit_fdrecv(int, struct file *);
  void    audit_priv(int, const struct priv_set *, int);
  void    audit_setppriv(int, int, const struct priv_set *, const cred_t *);
+ void    audit_psecflags(proc_t *, psecflagwhich_t,
+     const secflagdelta_t *);
  void    audit_devpolicy(int, const struct devplcysys *);
  void    audit_update_context(proc_t *, cred_t *);
  void    audit_kssl(int, void *, int);
  void    audit_pf_policy(int, cred_t *, netstack_t *, char *, boolean_t, int,
      pid_t);