If you have a Linux system with AppArmor, you can use it to secure your Go builds. First install Go in /usr/local/go as in the the instructions. Then add this file to /etc/apparmor.d, replace ${HOME} with your home directory. #include <tunables/global> profile go /usr/local/go/bin/go { #include <abstractions/base> #include <abstractions/consoles> /tmp/ r, /tmp/** rwkix, @{PROC}/** r, /sys/** r, /dev/** r, /etc/** r, /usr/** r, /bin/** ix, /usr/bin/** ix, /usr/libexec/** ix, /usr/lib/** ix, /usr/local/go/** rix, owner @{HOME}/.

If you have a Linux system with AppArmor, you can use it to secure your Rust builds. First install Rust with rustup in ~/.cargo/bin. Then add this file to /etc/apparmor.d, replace ${HOME} with your home directory. #include <tunables/global> profile cargo-bin ${HOME}/{.cargo/bin/*,.local/share/JetBrains/IntelliJIdea*/intellij-rust/bin/linux/x64/*} { #include <abstractions/base> #include <abstractions/consoles> @{PROC}** r, /sys/** r, /usr/bin/** ix, /usr/include/** r, /usr/libexec/** rix, /usr/share/** r, /tmp/ r, /tmp/** rwkix, owner @{HOME}/.gitconfig r, owner @{HOME}/.gitignore r, owner @{HOME}/.rustup/** r, owner @{HOME}/.

If you have a Linux system with AppArmor, you can use it to secure your Gradle builds. Here is how I installed it on Ubuntu Linux: Make sure you have a Java Development Kit installed. Set the JAVA_HOME environment variable to point to your JDK by creating a file /etc/profile.d/java.sh with this content: #!/bin/sh export JAVA_HOME=/usr/lib/jvm/java-21-openjdk-amd64 Make a manual installation of Gradle in /opt/gradle. Make it available in PATH: $ cd /usr/bin $ sudo ln -s .