Home | History | Annotate | Download | only in security_SandboxedServices 
      1 exe,euser,egroup,pidns,caps,filter
      2 
      3 # Since udev creates device nodes and changes owners/perms, it needs to run as
      4 # root.  TODO: We should namespace it.
      5 udevd,root,root,No,No,No
      6 
      7 # Frecon needs to run as root and in the original namespace because it might
      8 # launch new shells via login.  Would be nice if it integrated things.
      9 frecon,root,root,No,No,No
     10 
     11 session_manager,root,root,No,No,No
     12 rsyslogd,syslog,syslog,No,No,No
     13 dbus-daemon,messagebus,messagebus,No,No,No
     14 wpa_supplicant,wpa,wpa,No,No,No
     15 shill,root,root,No,No,No
     16 X,xorg,xorg,No,No,No
     17 chapsd,chaps,chronos-access,No,No,No
     18 cryptohomed,root,root,No,No,No
     19 powerd,power,power,No,No,No
     20 ModemManager,modem,modem,No,No,No
     21 dhcpcd,dhcp,dhcp,No,No,No
     22 metrics_daemon,root,root,No,No,No
     23 disks,root,root,No,No,No
     24 update_engine,root,root,No,No,No
     25 bluetoothd,bluetooth,bluetooth,No,Yes,No
     26 debugd,root,root,No,No,No
     27 cras,cras,cras,No,No,No
     28 tcsd,tss,root,No,No,No
     29 cromo,cromo,cromo,No,No,No
     30 wimax-manager,root,root,No,No,No
     31 mtpd,mtp,mtp,No,No,Yes
     32 tlsdated,tlsdate,tlsdate,No,No,No
     33 lid_touchpad_he,root,root,No,No,No
     34 thermal.sh,root,root,No,No,No
     35 daisydog,watchdog,watchdog,No,No,No
     36 permission_brok,devbroker,root,No,Yes,No
     37 netfilter-queue,nfqueue,nfqueue,No,Yes,Yes
     38 warn_collector,root,root,No,No,No
     39 tlsdated-setter,root,root,No,No,No
     40 attestationd,attestation,attestation,No,No,No
     41 periodic_schedu,root,root,No,No,No
     42 esif_ufd,root,root,No,No,No
     43 easy_unlock,easy-unlock,easy-unlock,No,No,No
     44 sslh-fork,sslh,sslh,Yes,No,No
     45 arc-networkd,root,root,Yes,No,No
     46 arc-obb-mounter,root,root,Yes,No,No
     47 upstart-socket-,root,root,No,No,No
     48 timberslide,root,root,No,No,No
     49 
     50 # We need to run as root due to caps not preserving across execs.
     51 # firewalld will fork+exec iptables to handle requests, and it
     52 # takes care of dropping root/caps for those commands.
     53 # TODO: We can fix this when minijail supports ambient caps.  http://b/32066154
     54 firewalld,root,root,No,No,No
     55 
     56 # Broadcomm bluetooth firmware patch downloader runs on some veyron boards.
     57 brcm_patchram_p,root,root,No,No,No
     58 
     59 # tpm_manager runs on all TPM2 boards, such as reef.
     60 tpm_managerd,root,root,No,No,No
     61