| exe,euser,egroup,pidns,mntns,caps,nonewprivs,filter |
| |
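| # See the baseline file for docs. |
| # Every entry in this file is listed as root/root with "No" in all five |
| # isolation columns (pidns, mntns, caps, nonewprivs, filter). |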
| |
| cloud-init,root,root,No,No,No,No,No |
| device_policy_m,root,root,No,No,No,No,No |
| first-boot,root,root,No,No,No,No,No |
| onboot,root,root,No,No,No,No,No |
| systemd-journal,root,root,No,No,No,No,No |
| systemd-logind,root,root,No,No,No,No,No |
| systemd,root,root,No,No,No,No,No |
| systemd-udevd,root,root,No,No,No,No,No |
| |
| # TODO: These processes do not really need to run as root. Figure out a way to |
| # run them unprivileged/sandboxed. |
| curl,root,root,No,No,No,No,No |
| wait_for_user_d,root,root,No,No,No,No,No |
| get_metadata_va,root,root,No,No,No,No,No |
| install_custom_,root,root,No,No,No,No,No |
| konlet-startup,root,root,No,No,No,No,No |
| |
| # Docker daemon processes. |
| dockerd,root,root,No,No,No,No,No |
| docker-containe,root,root,No,No,No,No,No |
| containerd,root,root,No,No,No,No,No |
| |
| # Processes that are used by GCP compute image packages. |
| google_ip_forwa,root,root,No,No,No,No,No |
| google_accounts,root,root,No,No,No,No,No |
| google_clock_sk,root,root,No,No,No,No,No |
| google_metadata,root,root,No,No,No,No,No |
| google_instance,root,root,No,No,No,No,No |
| google_network_,root,root,No,No,No,No,No |
| |
| # For GPUs |
| nvidia-persiste,root,root,No,No,No,No,No |
| # TODO(edjee): Once both of the following entries are removed, baseline-lakitu-gpu can |
| # be a symbolic link to baseline.lakitu . |
| # TODO(edjee): Remove nvidia-cuda-dev once http://b/32811301 is fixed. |
| nvidia-cuda-dev,root,root,No,No,No,No,No |
| # TODO(edjee): Remove softlockup-pani once http://b/34460537 is fixed. |
| softlockup-pani,root,root,No,No,No,No,No |