diff --git a/etc/xzdec.profile b/etc/xzdec.profile
new file mode 100644
index 000000000..f29f7360c
--- /dev/null
+++ b/etc/xzdec.profile
@@ -0,0 +1,13 @@
+# Firejail profile for XZ decompressor
+# xzdec.profile
+
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+
+caps.drop all
+seccomp
+tracelog
+noroot
+shell none