1exe,euser,egroup,pidns,caps,filter 2cloud-init,root,root,No,No,No 3device_policy_m,root,root,No,No,No 4ensure_gke_dock,root,root,No,No,No 5first-boot,root,root,No,No,No 6install_custom_,root,root,No,No,No 7get_metadata_va,root,root,No,No,No 8onboot,root,root,No,No,No 9systemd-journal,root,root,No,No,No 10systemd-logind,root,root,No,No,No 11systemd,root,root,No,No,No 12systemd-udevd,root,root,No,No,No 13 14# TODO: We need better filters on these. 15curl,root,root,No,No,No 16 17# These processes won't run without network (which is the case for VMTests), but 18# they also run as root and are not sandboxed. You will hit these if you try to 19# run VMTests on your own KVM instance. 20docker,root,root,No,No,No 21containerd,root,root,No,No,No 22 23# Processes that used by GCP compute image packages. 24google_ip_forwa,root,root,No,No,No 25google_accounts,root,root,No,No,No 26google_clock_sk,root,root,No,No,No 27google_metadata,root,root,No,No,No 28google_instance,root,root,No,No,No 29google_network_,root,root,No,No,No 30