Secure your Go builds with AppArmor
If you have a Linux system with AppArmor, you can use it to secure your Go builds.
First install Go in /usr/local/go as in the the instructions.
Then add this file to /etc/apparmor.d, replace ${HOME} with your home directory.
#include <tunables/global> profile go /usr/local/go/bin/go { #include <abstractions/base> #include <abstractions/consoles> /tmp/ r, /tmp/** rwkix, @{PROC}/** r, /sys/** r, /dev/** r, /etc/** r, /usr/** r, /bin/** ix, /usr/bin/** ix, /usr/libexec/** ix, /usr/lib/** ix, /usr/local/go/** rix, owner @{HOME}/.
read more