7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -119,10 +119,11 @@
 #define AUT_EXEC_ARGS           ((char)0x3C)
 #define AUT_EXEC_ENV            ((char)0x3D)
 #define AUT_ATTR32              ((char)0x3E)
 #define AUT_UAUTH               ((char)0x3F)
 #define AUT_ZONENAME            ((char)0x60)    /* out of order */
+#define AUT_SECFLAGS            ((char)0x62)    /* out of order */
 
 /*
  * X windows token types
  */
 

@@ -296,10 +297,11 @@
 token_t *au_to_sock_inet(struct sockaddr_in *);
 token_t *au_to_exec_args(const char *, ssize_t);
 token_t *au_to_exec_env(const char *, ssize_t);
 token_t *au_to_label(bslabel_t *);
 token_t *au_to_privset(const char *, const priv_set_t *, char, int);
+token_t *au_to_secflags(const char *, secflagset_t);
 
 void    au_uwrite();
 void    au_close(au_kcontext_t *, caddr_t *, int, au_event_t, au_emod_t,
     timestruc_t *);
 void    au_close_defer(token_t *, int, au_event_t, au_emod_t, timestruc_t *);