// Workstation Security Profile
// For work computers with desktop integration and full network access
//
// What this file sets: only the mount namespace is enabled; the pid, network,
// ipc, user and uts namespaces are off; the desktop channels (clipboard, D-Bus)
// are on; network access is "Full" with an empty restrictions list. The
// isolation configured here is therefore filesystem-level only.

profile "Workstation" {
    version "1.0"
    description "Standard isolation with desktop integration for work computers"

    // Isolation settings
    isolation {
        // The namespaces block below enables only `mount`. Whether the level
        // name implies that block or is overridden by it is not shown in this
        // file; confirm against the tool's documentation.
        level "Standard" // Mount namespace; filesystem isolation relies on it

        // The flag names match the Linux namespace types; the notes below
        // assume each flag maps to the namespace of the same name (to confirm).
        namespaces {
            mount true
            pid false       // off: host processes presumably stay visible
            network false   // off: host network stack is shared (see network, security)
            ipc false       // off: host IPC objects presumably stay reachable
            user false      // off: no UID/GID remapping
            uts false       // off: host name is shared
        }
    }

    // Desktop integration
    // clipboard and dbus are channels that cross the isolation boundary.
    // Whether D-Bus access is filtered per service is not shown here; verify.
    desktop {
        integration true
        themes true
        fonts true
        clipboard true
        dbus true
    }

    // Network access
    // "Full" with an empty restrictions list: no network limits are declared
    // in this profile.
    network {
        access "Full"
        restrictions []
    }

    // Resource limits
    resources {
        max_memory "4GB"
        max_cpu 0.8          // unit not stated in this file; presumably a CPU fraction
        max_disk "2GB"
        max_processes 100
        max_open_files 1024
    }

    // XDG enforcement
    // The exact meaning of redirect_legacy and strict_mode is not shown here.
    xdg {
        enforce true
        redirect_legacy true
        strict_mode false
    }

    // Security settings
    // network_namespace false agrees with namespaces.network false and
    // network.access "Full"; filesystem_isolation true agrees with
    // namespaces.mount true. Change each pair together. Which key wins if
    // they disagree is not shown in this file.
    security {
        allow_system_units false
        audit_logging "Basic"   // events covered by "Basic" are not listed here; verify
        network_namespace false
        filesystem_isolation true
    }

    // Default packages for workstation
    // firefox and thunderbird handle untrusted network content while running
    // under the settings above (shared network stack, clipboard and D-Bus on).
    recommended_packages [
        "firefox"
        "thunderbird"
        "libreoffice"
        "vim"
        "git"
    ]
}