To enforce syscall policy around mmap/munmap/mremap/mprotect, we need to track what the current memory map of the compartmentalized process looks like. Currently we do this by starting with a blank slate and tracking each call to these functions. This approach does not capture the entire state of the memory map because a process starts with an initial set of mappings including its executable itself, its stack, and the vDSO, prior to the dynamic loader creating mappings for dependency libraries and any actual calls to mmap/etc.
We may need to track these mappings to prevent them being modified by a malicious compartment. This might involve reading and parsing /proc/pid/maps, which sucks but I'm not aware of a better option.
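An added example, not from this issue or the project's code: one way to seed the initial memory map from text in the /proc/pid/maps format, then test whether a requested address range overlaps a mapping that existed before tracking began. The struct, the function names and the sample lines are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format (not from a real process). */
static const char SAMPLE_MAPS[] =
    "55d0c0a00000-55d0c0a02000 r-xp 00000000 08:01 131   /usr/bin/demo\n"
    "7ffc1a2e0000-7ffc1a301000 rw-p 00000000 00:00 0     [stack]\n"
    "7ffc1a3c4000-7ffc1a3c6000 r-xp 00000000 00:00 0     [vdso]\n";

/* Half-open range [start, end); path is empty for anonymous mappings. */
struct mapping { uint64_t start, end; char perms[5], path[128]; };

/* Parse one maps line. Returns 0 on success, -1 if malformed. */
static int parse_maps_line(const char *line, struct mapping *m) {
    unsigned long long start, end, off, inode;
    unsigned int maj, min;
    int n = 0; /* offset of the pathname column, set by %n */
    if (sscanf(line, "%llx-%llx %4s %llx %x:%x %llu %n", &start, &end,
               m->perms, &off, &maj, &min, &inode, &n) != 7)
        return -1;
    if (start >= end || strlen(m->perms) != 4) return -1;
    m->start = start; m->end = end;
    snprintf(m->path, sizeof m->path, "%s", n ? line + n : "");
    return 0;
}

/* Seed out[] from a whole maps buffer. Returns entry count, -1 on error. */
static int seed_from_maps(const char *text, struct mapping *out, int cap) {
    int count = 0;
    while (*text) {
        char line[256];
        size_t len = strcspn(text, "\n");
        if (len >= sizeof line || count == cap) return -1;
        snprintf(line, sizeof line, "%.*s", (int)len, text);
        if (parse_maps_line(line, &out[count++]) != 0) return -1;
        text += len + (text[len] == '\n');
    }
    return count;
}

/* Return the seeded mapping that [addr, addr+len) overlaps, or NULL. */
static const struct mapping *find_overlap(const struct mapping *t, int n,
                                          uint64_t addr, uint64_t len) {
    if (len == 0) return NULL;
    /* Clamp the last byte on wraparound so huge lengths still match. */
    uint64_t last = (addr + len - 1 < addr) ? UINT64_MAX : addr + len - 1;
    for (int i = 0; i < n; i++)
        if (addr < t[i].end && last >= t[i].start) return &t[i];
    return NULL;
}
```

A snapshot like this is only consistent if the target cannot change its mappings while the file is being read, for example because it is stopped at that point.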