// Workstation Security Profile
// For work computers with desktop integration and full network access

profile "Workstation" {
  version "1.0"
  description "Standard isolation with desktop integration for work computers"

  // Isolation settings
  isolation {
    level "Standard"  // Mount + filesystem namespaces

    namespaces {
      mount true
      pid false
      network false
      ipc false
      user false
      uts false
    }
  }

  // Desktop integration
  desktop {
    integration true
    themes true
    fonts true
    clipboard true
    dbus true
  }

  // Network access
  network {
    access "Full"
    restrictions []
  }

  // Resource limits
  resources {
    max_memory "4GB"
    max_cpu 0.8
    max_disk "2GB"
    max_processes 100
    max_open_files 1024
  }

  // XDG enforcement
  xdg {
    enforce true
    redirect_legacy true
    strict_mode false
  }

  // Security settings
  security {
    allow_system_units false
    audit_logging "Basic"
    network_namespace false
    filesystem_isolation true
  }

  // Default packages for workstation
  recommended_packages [
    "firefox"
    "thunderbird"
    "libreoffice"
    "vim"
    "git"
  ]
}