From 9205a1550b4dfc0fed84fc84a907d9e2d6699577 Mon Sep 17 00:00:00 2001
From: Kolan Sh
Date: Fri, 6 Sep 2013 17:35:48 +0400
Subject: [PATCH] kernel security changes for xeon
---
 .config.xeon | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/.config.xeon b/.config.xeon
index cd95830..6c59306 100644
--- a/.config.xeon
+++ b/.config.xeon
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.10.4-hardened-r2 Kernel Configuration
+# Linux/x86 3.10.9-hardened-r1 Kernel Configuration
 #
 CONFIG_64BIT=y
 CONFIG_X86_64=y
@@ -2696,8 +2696,8 @@ CONFIG_PAX=y
 # CONFIG_PAX_SOFTMODE is not set
 CONFIG_PAX_PT_PAX_FLAGS=y
 # CONFIG_PAX_XATTR_PAX_FLAGS is not set
-# CONFIG_PAX_NO_ACL_FLAGS is not set
-CONFIG_PAX_HAVE_ACL_FLAGS=y
+CONFIG_PAX_NO_ACL_FLAGS=y
+# CONFIG_PAX_HAVE_ACL_FLAGS is not set
 # CONFIG_PAX_HOOK_ACL_FLAGS is not set

 #
@@ -2727,22 +2727,22 @@ CONFIG_PAX_RANDMMAP=y
 #
 CONFIG_PAX_MEMORY_SANITIZE=y
 CONFIG_PAX_MEMORY_STACKLEAK=y
-# CONFIG_PAX_MEMORY_STRUCTLEAK is not set
+CONFIG_PAX_MEMORY_STRUCTLEAK=y
 CONFIG_PAX_MEMORY_UDEREF=y
 CONFIG_PAX_REFCOUNT=y
 CONFIG_PAX_CONSTIFY_PLUGIN=y
 CONFIG_PAX_USERCOPY=y
 # CONFIG_PAX_USERCOPY_DEBUG is not set
 CONFIG_PAX_SIZE_OVERFLOW=y
-# CONFIG_PAX_LATENT_ENTROPY is not set
+CONFIG_PAX_LATENT_ENTROPY=y

 #
 # Memory Protections
 #
 CONFIG_GRKERNSEC_KMEM=y
 CONFIG_GRKERNSEC_IO=y
-# CONFIG_GRKERNSEC_PERF_HARDEN is not set
-# CONFIG_GRKERNSEC_RAND_THREADSTACK is not set
+CONFIG_GRKERNSEC_PERF_HARDEN=y
+CONFIG_GRKERNSEC_RAND_THREADSTACK=y
 CONFIG_GRKERNSEC_PROC_MEMMAP=y
 CONFIG_GRKERNSEC_BRUTE=y
 CONFIG_GRKERNSEC_MODHARDEN=y
@@ -2766,7 +2766,7 @@ CONFIG_GRKERNSEC_LINK=y
 CONFIG_GRKERNSEC_FIFO=y
 # CONFIG_GRKERNSEC_SYSFS_RESTRICT is not set
 CONFIG_GRKERNSEC_ROFS=y
-# CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL is not set
+CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL=y
 CONFIG_GRKERNSEC_CHROOT=y
 CONFIG_GRKERNSEC_CHROOT_MOUNT=y
 CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
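Review bot: In the hunk at `@@ -2696,8 +2696,8 @@` the MAC-integration choice moves from `CONFIG_PAX_HAVE_ACL_FLAGS=y` ("direct") to `CONFIG_PAX_NO_ACL_FLAGS=y` ("none"), which removes a capability rather than adding one, and the commit message gives no reason for it. As I read the PaX Kconfig help, "direct" is the mode in which a MAC system sets the initial PaX flags per executable, so with "none" any grsecurity RBAC policy that adjusts PaX flags per subject would presumably stop taking effect and only the `PT_PAX_FLAGS` markings would apply. If RBAC is not used on this host the change is harmless, but the commit message should say so; otherwise keep `CONFIG_PAX_HAVE_ACL_FLAGS=y`.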
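Review bot: `CONFIG_GRKERNSEC_PERF_HARDEN=y` in the hunk at `@@ -2727,22 +2727,22 @@` changes what unprivileged users can do on this machine, and nothing in the commit records it. As I understand the option, it makes `kernel.perf_event_paranoid` default to 3, so non-root use of `perf_event_open` is refused until an administrator lowers the sysctl. `CONFIG_PAX_LATENT_ENTROPY=y` in the same hunk is documented, as far as I recall, as costing some slowdown in boot, fork and irq processing; the compiler-plugin toolchain it needs is presumably already in place, since `CONFIG_PAX_CONSTIFY_PLUGIN` and `CONFIG_PAX_SIZE_OVERFLOW` were enabled before. I would add one line per option to the commit message, for example `PERF_HARDEN: perf_event_open is root-only by default (perf_event_paranoid=3)`.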
@@ -2812,9 +2812,14 @@ CONFIG_GRKERNSEC_SETXID=y
 #
 CONFIG_GRKERNSEC_RANDNET=y
 CONFIG_GRKERNSEC_BLACKHOLE=y
-# CONFIG_GRKERNSEC_NO_SIMULT_CONNECT is not set
+CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y
 # CONFIG_GRKERNSEC_SOCKET is not set

+#
+# Physical Protections
+#
+# CONFIG_GRKERNSEC_DENYUSB is not set
+
 #
 # Sysctl Support
 #
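Review bot: `# CONFIG_GRKERNSEC_DENYUSB is not set` in the new "Physical Protections" block looks like a default picked up when the config was regenerated for 3.10.9 rather than a deliberate choice, which sits oddly in a commit that otherwise turns hardening on. As I understand the option, it only adds a sysctl (`kernel.grsecurity.deny_new_usb`, to be confirmed against the Kconfig help) that stops newly attached USB devices from being recognised once an administrator sets it, so enabling it has no effect until then. It depends on grsecurity sysctl support, whose setting is in the Sysctl Support section outside this hunk. For a server I would set `CONFIG_GRKERNSEC_DENYUSB=y`, or state in the commit message why it stays off. `CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y` in the same hunk disables TCP simultaneous open, which deserves a line in the message for anyone on this host relying on TCP hole punching.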