diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild
index 26bf57ff90..bd812eb524 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild
@@ -159,8 +159,8 @@ pkg_postinst() {
 # Add a chronos-access group to provide non-chronos users,
 # mostly system daemons running as a non-chronos user, group permissions
 # to access files/directories owned by chronos.
- local system_access_user="core-access"
- local system_access_id="1001"
+# local system_access_user="core-access"
+# local system_access_id="1001"
 local crypted_password='*'
 [ -r "${SHARED_USER_PASSWD_FILE}" ] &&
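Review bot: The two `local` declarations for `system_access_user` and `system_access_id` are commented out at column 0 rather than deleted, and because every remaining read of `${system_access_user}` in this file is also disabled by this change, what is left is dead code inside pkg_postinst. The uid table below uses commented-out entries as a reservation registry (e.g. `# copy_or_add_daemon_user "cashew" 211 # Deprecated, do not reuse`), so if the intent is to keep 1001 reserved, one line such as `# 1001 was core-access; deprecated, do not reuse` says that more clearly than two disabled assignments. The three-line comment about the chronos-access group directly above them now describes nothing and should go with them. pkg_postinst begins and continues outside this hunk.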
@@ -172,28 +172,28 @@ pkg_postinst() {
 add_shadow "${system_user}" "${crypted_password}"
 copy_or_add_group "${system_user}" "${system_id}"
- copy_or_add_daemon_user "${system_access_user}" "${system_access_id}"
+# copy_or_add_daemon_user "${system_access_user}" "${system_access_id}"
 copy_or_add_daemon_user "messagebus" 201 # For dbus
 copy_or_add_daemon_user "syslog" 202 # For rsyslog
 copy_or_add_daemon_user "ntp" 203
 copy_or_add_daemon_user "sshd" 204
- copy_or_add_daemon_user "polkituser" 206 # For policykit
+# copy_or_add_daemon_user "polkituser" 206 # For policykit
 # copy_or_add_daemon_user "tss" 207 # For trousers (TSS/TPM)
- copy_or_add_daemon_user "pkcs11" 208 # For pkcs11 clients
+# copy_or_add_daemon_user "pkcs11" 208 # For pkcs11 clients
 # copy_or_add_daemon_user "qdlservice" 209 # for QDLService
 # copy_or_add_daemon_user "cromo" 210 # For cromo (modem manager)
 # copy_or_add_daemon_user "cashew" 211 # Deprecated, do not reuse
- copy_or_add_daemon_user "ipsec" 212 # For strongswan/ipsec VPN
+# copy_or_add_daemon_user "ipsec" 212 # For strongswan/ipsec VPN
 # copy_or_add_daemon_user "cros-disks" 213 # For cros-disks
- copy_or_add_daemon_user "tor" 214 # For tor (anonymity service)
- copy_or_add_daemon_user "tcpdump" 215 # For tcpdump --with-user
- copy_or_add_daemon_user "debugd" 216 # For debugd
- copy_or_add_daemon_user "openvpn" 217 # For openvpn
+# copy_or_add_daemon_user "tor" 214 # For tor (anonymity service)
+# copy_or_add_daemon_user "tcpdump" 215 # For tcpdump --with-user
+# copy_or_add_daemon_user "debugd" 216 # For debugd
+# copy_or_add_daemon_user "openvpn" 217 # For openvpn
 # copy_or_add_daemon_user "bluetooth" 218 # For bluez
 # copy_or_add_daemon_user "wpa" 219 # For wpa_supplicant
 # copy_or_add_daemon_user "cras" 220 # For cras (audio)
 # copy_or_add_daemon_user "gavd" 221 # For gavd (audio) (deprecated)
- copy_or_add_daemon_user "input" 222 # For /dev/input/event access
+# copy_or_add_daemon_user "input" 222 # For /dev/input/event access
 # copy_or_add_daemon_user "chaps" 223 # For chaps (pkcs11)
 copy_or_add_daemon_user "dhcp" 224 # For dhcpcd (DHCP client)
 # copy_or_add_daemon_user "tpmd" 225 # For tpmd
@@ -204,27 +204,17 @@ pkg_postinst() {
 # copy_or_add_daemon_user "devbroker" 230 # For permission_broker
 # copy_or_add_daemon_user "xorg" 231 # For Xorg
 copy_or_add_daemon_user "etcd" 232 # For etcd
- # Reserve some UIDs/GIDs between 300 and 349 for sandboxing FUSE-based
- # filesystem daemons.
+ copy_or_add_daemon_user "docker" 233 # For docker
+ copy_or_add_group "systemd-journal" 248 # For journalctl access
+ copy_or_add_group "dialout" 249 # For udev rules
 # copy_or_add_daemon_user "ntfs-3g" 300 # For ntfs-3g prcoess
 # copy_or_add_daemon_user "avfs" 301 # For avfs process
 # copy_or_add_daemon_user "fuse-exfat" 302 # For exfat-fuse prcoess
+# copy_or_add_group "serial" 402
- # Users which require access to PKCS #11 cryptographic services must be
- # in the pkcs11 group.
- remove_all_users_from_group pkcs11
- add_users_to_group pkcs11 root ipsec "${system_user}"
-
- # All users accessing opencryptoki database files and all users for
- # sandboxing FUSE-based filesystem daemons need to be in the
- # ${system_access_user} group.
- remove_all_users_from_group "${system_access_user}"
- add_users_to_group "${system_access_user}" root ipsec "${system_user}" \
-
- # Dedicated group for owning access to serial devices.
- copy_or_add_group "serial" 402
- add_users_to_group "serial" "${system_user}"
- add_users_to_group "serial" "uucp"
+ # Give the core user access to some system tools
+ add_users_to_group "docker" "${system_user}"
+ add_users_to_group "systemd-journal" "${system_user}"
 # Some default directories. These are created here rather than at
 # install because some of them may already exist and have mounts.
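Review bot: Disabling the `tcpdump`, `openvpn`, `ipsec`, `tor`, `debugd`, `pkcs11`, `polkituser` and `input` accounts removes users that daemons may still be configured to drop privileges to; the tcpdump line records exactly that dependency in its own comment (`# For tcpdump --with-user`), and the strongswan and openvpn entries are the same kind of account. If any package in the overlay still builds with or ships configuration naming one of these users, that daemon will either fail to start or keep running as root instead of the intended unprivileged account; those packages are not visible from this hunk, so this needs checking against their ebuilds and unit files before the accounts go. Keeping the numbered lines commented out rather than deleted does preserve the uid reservation, which is the right call; the entries retired for good would be clearer with the wording the table already uses, e.g. `# copy_or_add_daemon_user "tcpdump" 215 # Deprecated, do not reuse`. pkg_postinst begins and continues outside this hunk.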
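Review bot: `add_users_to_group "docker" "${system_user}"` makes the core user root-equivalent on the host, because membership in the docker group is enough to control the Docker daemon, and the new comment `# Give the core user access to some system tools` understates that; I would replace it with `# NOTE: docker group membership is root-equivalent on the host; systemd-journal only grants read access to the journal`. The call also presumes that `copy_or_add_daemon_user "docker" 233` creates a docker group as well as the user — the separate `copy_or_add_group` calls for systemd-journal and dialout suggest user and group creation are distinct helpers, so confirm there is a group for `add_users_to_group "docker"` to modify, or add `copy_or_add_group "docker" 233` ahead of it. The previous code paired each `add_users_to_group` with `remove_all_users_from_group` so membership was reset on every upgrade; the new calls only add, so members that were granted earlier persist across upgrades, which may be intended but is a change in behaviour worth noting in the commit message. pkg_postinst continues outside this hunk.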