pfigel/policy.xml

## policy.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policymap [
  <!ELEMENT policymap (policy)+>
  <!ATTLIST policymap xmlns CDATA #FIXED ''>
  <!ELEMENT policy EMPTY>
  <!ATTLIST policy xmlns CDATA #FIXED '' domain NMTOKEN #REQUIRED
    name NMTOKEN #IMPLIED pattern CDATA #IMPLIED rights NMTOKEN #IMPLIED
    stealth NMTOKEN #IMPLIED value CDATA #IMPLIED>
]>
<policymap>
  <policy domain="resource" name="memory" value="256MiB" />
  <policy domain="resource" name="map" value="256MiB" />
  <policy domain="resource" name="width" value="8KP" />
  <policy domain="resource" name="height" value="8KP" />
  <policy domain="resource" name="area" value="16KP" />
  <policy domain="resource" name="disk" value="512MB" />
  <policy domain="resource" name="file" value="512" />
  <policy domain="resource" name="thread" value="2" />
  <policy domain="resource" name="time" value="120" />
  <policy domain="system" name="precision" value="6" />
  <policy domain="system" name="max-memory-request" value="256MB" />
  <policy domain="system" name="memory-map" value="anonymous" />
  <policy domain="cache" name="memory-map" value="anonymous" />
  <policy domain="system" name="shred" value="1" />
  <policy domain="delegate" rights="none" pattern="*" />
  <policy domain="coder" rights="none" pattern="*" />
  <policy domain="coder" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP}" />
  <!-- in order to avoid to get image with password text -->
  <policy domain="path" rights="none" pattern="@*" />
  <!-- replace value with a random passphrase -->
  <policy domain="cache" name="shared-secret" value="passphrase" stealth="true" />
</policymap>
	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE policymap [
	<!ELEMENT policymap (policy)+>
	<!ATTLIST policymap xmlns CDATA #FIXED ''>
	<!ELEMENT policy EMPTY>
	<!ATTLIST policy xmlns CDATA #FIXED '' domain NMTOKEN #REQUIRED
	name NMTOKEN #IMPLIED pattern CDATA #IMPLIED rights NMTOKEN #IMPLIED
	stealth NMTOKEN #IMPLIED value CDATA #IMPLIED>
	]>
	<policymap>
	<policy domain="resource" name="memory" value="256MiB" />
	<policy domain="resource" name="map" value="256MiB" />
	<policy domain="resource" name="width" value="8KP" />
	<policy domain="resource" name="height" value="8KP" />
	<policy domain="resource" name="area" value="16KP" />
	<policy domain="resource" name="disk" value="512MB" />
	<policy domain="resource" name="file" value="512" />
	<policy domain="resource" name="thread" value="2" />
	<policy domain="resource" name="time" value="120" />
	<policy domain="system" name="precision" value="6" />
	<policy domain="system" name="max-memory-request" value="256MB" />
	<policy domain="system" name="memory-map" value="anonymous" />
	<policy domain="cache" name="memory-map" value="anonymous" />
	<policy domain="system" name="shred" value="1" />
	<policy domain="delegate" rights="none" pattern="*" />
	<policy domain="coder" rights="none" pattern="*" />
	<policy domain="coder" rights="read \| write" pattern="{GIF,JPEG,PNG,WEBP}" />
	<!-- in order to avoid to get image with password text -->
	<policy domain="path" rights="none" pattern="@*" />
	<!-- replace value with a random passphrase -->
	<policy domain="cache" name="shared-secret" value="passphrase" stealth="true" />
	</policymap>