kernel security changes for xeon

.config.xeon

@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.10.4-hardened-r2 Kernel Configuration
+# Linux/x86 3.10.9-hardened-r1 Kernel Configuration
 #
 CONFIG_64BIT=y
 CONFIG_X86_64=y
@@ -2696,8 +2696,8 @@ CONFIG_PAX=y
 # CONFIG_PAX_SOFTMODE is not set
 CONFIG_PAX_PT_PAX_FLAGS=y
 # CONFIG_PAX_XATTR_PAX_FLAGS is not set
-# CONFIG_PAX_NO_ACL_FLAGS is not set
+CONFIG_PAX_NO_ACL_FLAGS=y
-CONFIG_PAX_HAVE_ACL_FLAGS=y
+# CONFIG_PAX_HAVE_ACL_FLAGS is not set
 # CONFIG_PAX_HOOK_ACL_FLAGS is not set
 
 #
@@ -2727,22 +2727,22 @@ CONFIG_PAX_RANDMMAP=y
 #
 CONFIG_PAX_MEMORY_SANITIZE=y
 CONFIG_PAX_MEMORY_STACKLEAK=y
-# CONFIG_PAX_MEMORY_STRUCTLEAK is not set
+CONFIG_PAX_MEMORY_STRUCTLEAK=y
 CONFIG_PAX_MEMORY_UDEREF=y
 CONFIG_PAX_REFCOUNT=y
 CONFIG_PAX_CONSTIFY_PLUGIN=y
 CONFIG_PAX_USERCOPY=y
 # CONFIG_PAX_USERCOPY_DEBUG is not set
 CONFIG_PAX_SIZE_OVERFLOW=y
-# CONFIG_PAX_LATENT_ENTROPY is not set
+CONFIG_PAX_LATENT_ENTROPY=y
 
 #
 # Memory Protections
 #
 CONFIG_GRKERNSEC_KMEM=y
 CONFIG_GRKERNSEC_IO=y
-# CONFIG_GRKERNSEC_PERF_HARDEN is not set
+CONFIG_GRKERNSEC_PERF_HARDEN=y
-# CONFIG_GRKERNSEC_RAND_THREADSTACK is not set
+CONFIG_GRKERNSEC_RAND_THREADSTACK=y
 CONFIG_GRKERNSEC_PROC_MEMMAP=y
 CONFIG_GRKERNSEC_BRUTE=y
 CONFIG_GRKERNSEC_MODHARDEN=y
@@ -2766,7 +2766,7 @@ CONFIG_GRKERNSEC_LINK=y
 CONFIG_GRKERNSEC_FIFO=y
 # CONFIG_GRKERNSEC_SYSFS_RESTRICT is not set
 CONFIG_GRKERNSEC_ROFS=y
-# CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL is not set
+CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL=y
 CONFIG_GRKERNSEC_CHROOT=y
 CONFIG_GRKERNSEC_CHROOT_MOUNT=y
 CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
@@ -2812,9 +2812,14 @@ CONFIG_GRKERNSEC_SETXID=y
 #
 CONFIG_GRKERNSEC_RANDNET=y
 CONFIG_GRKERNSEC_BLACKHOLE=y
-# CONFIG_GRKERNSEC_NO_SIMULT_CONNECT is not set
+CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y
 # CONFIG_GRKERNSEC_SOCKET is not set
 
+#
+# Physical Protections
+#
+# CONFIG_GRKERNSEC_DENYUSB is not set
+
 #
 # Sysctl Support
 #