      1 exe,euser,egroup,pidns,caps,nonewprivs,filter
      2 
      3 # See the baseline file for docs.
      4 
      5 cloud-init,root,root,No,No,No,No
      6 device_policy_m,root,root,No,No,No,No
      7 first-boot,root,root,No,No,No,No
      8 onboot,root,root,No,No,No,No
      9 systemd-journal,root,root,No,No,No,No
     10 systemd-logind,root,root,No,No,No,No
     11 systemd,root,root,No,No,No,No
     12 systemd-udevd,root,root,No,No,No,No
     13 
     14 # TODO: These processes do not really need to run as root. Figure out a way to
     15 # run them unprivileged/sandboxed.
     16 curl,root,root,No,No,No,No
     17 wait_for_user_d,root,root,No,No,No,No
     18 get_metadata_va,root,root,No,No,No,No
     19 install_custom_,root,root,No,No,No,No
     20 konlet-startup,root,root,No,No,No,No
     21 
     22 # Docker daemon processes.
     23 dockerd,root,root,No,No,No,No
     24 docker-containe,root,root,No,No,No,No
     25 
     26 # Processes that are used by GCP compute image packages.
     27 google_ip_forwa,root,root,No,No,No,No
     28 google_accounts,root,root,No,No,No,No
     29 google_clock_sk,root,root,No,No,No,No
     30 google_metadata,root,root,No,No,No,No
     31 google_instance,root,root,No,No,No,No
     32 google_network_,root,root,No,No,No,No
     33 
     34 # For GPUs
     35 nvidia-persiste,root,root,No,No,No,No
     36 # TODO(edjee): Once both of the following entries are removed, baseline-lakitu-gpu can
     37 # be a symbolic link to baseline.lakitu .
     38 # TODO(edjee): Remove nvidia-cuda-dev once http://b/32811301 is fixed.
     39 nvidia-cuda-dev,root,root,No,No,No,No
     40 # TODO(edjee): Remove softlockup-pani once http://b/34460537 is fixed.
     41 softlockup-pani,root,root,No,No,No,No
     42