1exe,euser,egroup,pidns,mntns,caps,nonewprivs,filter 2# NOTE: When modifying this file, do the same for baseline.lakitu-gpu as well. 3 4# See the baseline file for docs. 5 6cloud-init,root,root,No,No,No,No,No 7device_policy_m,root,root,No,No,No,No,No 8first-boot,root,root,No,No,No,No,No 9onboot,root,root,No,No,No,No,No 10systemd-journal,root,root,No,No,No,No,No 11systemd-logind,root,root,No,No,No,No,No 12systemd,root,root,No,No,No,No,No 13systemd-udevd,root,root,No,No,No,No,No 14 15# TODO: These processes do not really need to run as root. Figure out a way to 16# run them unprivileged/sandboxed. 17curl,root,root,No,No,No,No,No 18wait_for_user_d,root,root,No,No,No,No,No 19get_metadata_va,root,root,No,No,No,No,No 20install_custom_,root,root,No,No,No,No,No 21konlet-startup,root,root,No,No,No,No,No 22 23# Docker daemon processes. 24dockerd,root,root,No,No,No,No,No 25docker-containe,root,root,No,No,No,No,No 26containerd,root,root,No,No,No,No,No 27 28# Processes that used by GCP compute image packages. 29google_ip_forwa,root,root,No,No,No,No,No 30google_accounts,root,root,No,No,No,No,No 31google_clock_sk,root,root,No,No,No,No,No 32google_metadata,root,root,No,No,No,No,No 33google_instance,root,root,No,No,No,No,No 34google_network_,root,root,No,No,No,No,No 35