      1 exe,euser,egroup,pidns,mntns,caps,nonewprivs,filter
      2 # NOTE: When modifying this file, do the same for baseline.lakitu-gpu as well.
      3 
      4 # See the baseline file for docs.
      5 
      6 cloud-init,root,root,No,No,No,No,No
      7 device_policy_m,root,root,No,No,No,No,No
      8 first-boot,root,root,No,No,No,No,No
      9 onboot,root,root,No,No,No,No,No
     10 systemd-journal,root,root,No,No,No,No,No
     11 systemd-logind,root,root,No,No,No,No,No
     12 systemd,root,root,No,No,No,No,No
     13 systemd-udevd,root,root,No,No,No,No,No
     14 
     15 # TODO: These processes do not really need to run as root (every sandboxing
     16 # column below is No). Figure out a way to run them unprivileged/sandboxed.
     17 curl,root,root,No,No,No,No,No
     18 wait_for_user_d,root,root,No,No,No,No,No
     19 get_metadata_va,root,root,No,No,No,No,No
     20 install_custom_,root,root,No,No,No,No,No
     21 konlet-startup,root,root,No,No,No,No,No
     22 
     23 # Docker daemon processes.
     24 dockerd,root,root,No,No,No,No,No
     25 docker-containe,root,root,No,No,No,No,No
     26 containerd,root,root,No,No,No,No,No
     27 
     28 # Processes that are used by GCP compute image packages.
     29 google_ip_forwa,root,root,No,No,No,No,No
     30 google_accounts,root,root,No,No,No,No,No
     31 google_clock_sk,root,root,No,No,No,No,No
     32 google_metadata,root,root,No,No,No,No,No
     33 google_instance,root,root,No,No,No,No,No
     34 google_network_,root,root,No,No,No,No,No
     35