1exe,euser,egroup,pidns,mntns,caps,nonewprivs,filter 2 3# See the baseline file for docs. 4 5cloud-init,root,root,No,No,No,No,No 6device_policy_m,root,root,No,No,No,No,No 7first-boot,root,root,No,No,No,No,No 8onboot,root,root,No,No,No,No,No 9systemd-journal,root,root,No,No,No,No,No 10systemd-logind,root,root,No,No,No,No,No 11systemd,root,root,No,No,No,No,No 12systemd-udevd,root,root,No,No,No,No,No 13 14# TODO: These processes do not really need to run as root. Figure out a way to 15# run them unprivileged/sandboxed. 16curl,root,root,No,No,No,No,No 17wait_for_user_d,root,root,No,No,No,No,No 18get_metadata_va,root,root,No,No,No,No,No 19install_custom_,root,root,No,No,No,No,No 20konlet-startup,root,root,No,No,No,No,No 21 22# Docker daemon processes. 23dockerd,root,root,No,No,No,No,No 24docker-containe,root,root,No,No,No,No,No 25containerd,root,root,No,No,No,No,No 26 27# Processes that used by GCP compute image packages. 28google_ip_forwa,root,root,No,No,No,No,No 29google_accounts,root,root,No,No,No,No,No 30google_clock_sk,root,root,No,No,No,No,No 31google_metadata,root,root,No,No,No,No,No 32google_instance,root,root,No,No,No,No,No 33google_network_,root,root,No,No,No,No,No 34 35# For GPUs 36nvidia-persiste,root,root,No,No,No,No,No 37# TODO(edjee): Once all the following two are removed, baseline-lakitu-gpu can 38# be a symbolic link to baseline.lakitu . 39# TODO(edjee): Remove nvidia-cuda-dev once http://b/32811301 is fixed. 40nvidia-cuda-dev,root,root,No,No,No,No,No 41# TODO(edjee): Remove softlockup-pani once http://b/34460537 is fixed. 42softlockup-pani,root,root,No,No,No,No,No 43