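// Satellite Security Profile
// For laptops and mobile devices with strict isolation and limited network
//
// Summary of what this profile sets (all taken from the values below):
//   - mount, PID, network and IPC namespaces on; user and UTS namespaces off
//   - desktop integration on, clipboard off, D-Bus on
//   - network access "Limited", local network denied, VPN required
//   - conservative resource caps, strict XDG enforcement, enhanced audit logging

profile "Satellite" {
    version "1.0"
    description "Strict isolation with limited network for remote/mobile systems"

    // Isolation settings (strict for mobile security)
    isolation {
        level "Strict" // Mount + PID + network + IPC namespaces

        namespaces {
            mount true
            pid true
            network true
            ipc true
            // NOTE(review): "Strict" here does not include a user namespace.
            // How the runtime maps UIDs/privileges without one is not visible
            // in this file; confirm processes cannot run as host root.
            user false
            // NOTE(review): with UTS off the hostname is presumably shared
            // with the host, which can identify the device; confirm this is
            // acceptable for a mobile profile.
            uts false
        }
    }

    // Desktop integration (maintained for usability)
    desktop {
        integration true
        themes true
        fonts true
        clipboard false // Disabled for security
        // NOTE(review): D-Bus stays enabled while the clipboard is disabled.
        // An IPC namespace covers SysV IPC and POSIX message queues, not
        // D-Bus sockets, so this is a separate channel to host services.
        // Confirm whether the runtime exposes a filtered proxy or the full
        // bus; this file does not say.
        dbus true
    }

    // Network access (limited for mobile)
    network {
        access "Limited"
        // NOTE(review): how "vpn_required" is enforced is not visible here;
        // confirm traffic is blocked (fail closed) when the VPN is down.
        restrictions [
            "no_local_network"
            "vpn_required"
        ]
        // States the same policy as "no_local_network" above; keep the two
        // in sync. Which one wins on conflict is not shown in this file.
        allow_local_network false
    }

    // Resource limits (conservative for battery life)
    resources {
        max_memory "2GB"
        max_cpu 0.6 // presumably a fraction of CPU time; units not stated here
        max_disk "1GB"
        max_processes 50
        max_open_files 512
    }

    // XDG enforcement (strict)
    xdg {
        enforce true
        redirect_legacy true
        strict_mode true
    }

    // Security settings (enhanced for mobile)
    security {
        allow_system_units false
        // NOTE(review): log destination and retention are not defined in this
        // profile; confirm audit records are stored outside the sandbox.
        audit_logging "Enhanced"
        // Repeats isolation.namespaces.network above; keep both true together.
        network_namespace true
        filesystem_isolation true
        // NOTE(review): the scope of this requirement (storage, transport, or
        // both) is not stated in this file; confirm against the runtime docs.
        encryption_required true
    }

    // Default packages for mobile use
    recommended_packages [
        "firefox"
        "thunderbird"
        "vim"
        // Presumably the client used to satisfy "vpn_required" above.
        "wireguard"
    ]
}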