Threw together an AppArmor profile + zsh integration to automatically run build/package tools confined inside a predefined set of project directories with aa-exec on dev machines. This won't prevent packages in project A from attacking project B, but should at least keep out garden variety infostealers.
It's a bit of a lost opportunity that AA profiles can't easily be loaded at runtime so you can't just give aa-exec a path to a profile, it has to be preloaded into the kernel. I guess this is where Landlock would shine, but the AA profile language is IMO pretty convenient.
The development process turned up some gems like poetry (Python package tool) going into an infinite retry loop if it gets EACCES on anything.
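An added example of what such a setup can look like (not the commenter's profile or shell code): a profile that lets the tools read and execute the system toolchain, write only under ~/src and the package caches, and get EACCES on credential dotfiles, plus a wrapper that runs them through aa-exec. The profile name dev-build, the ~/src root and the denied dotfiles are assumptions.

```shell
# Added example, not the commenter's code. Assumed names: profile "dev-build",
# space-separated project roots in DEV_PROJECT_ROOTS (default ~/src).
DEV_PROJECT_ROOTS="${DEV_PROJECT_ROOTS:-$HOME/src}"
# Profile text to install as /etc/apparmor.d/dev-build and load (as root) with
# apparmor_parser -r /etc/apparmor.d/dev-build.  AppArmor 3 syntax assumed.
dev_build_profile() {
  cat <<'EOF'
abi <abi/3.0>,
include <tunables/global>
profile dev-build flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/python>
  include <abstractions/nameservice>
  include <abstractions/ssl_certs>
  # toolchains: read, mmap and execute; children inherit this profile (ix)
  /usr/** rmix,
  # the project roots and package caches are the only writable trees in $HOME
  owner @{HOME}/src/** rwk,
  owner @{HOME}/.cache/** rwk,
  owner /tmp/** rwk,
  # credentials stay unreadable; every attempt is logged (audit) and gets EACCES
  audit deny @{HOME}/.ssh/** mrwkl,
  audit deny @{HOME}/.aws/** mrwkl,
  audit deny @{HOME}/.gnupg/** mrwkl,
  network inet stream,
  network inet6 stream,
}
EOF
}

# Return 0 when $1 lies under one of the configured project roots, 1 otherwise.
in_project_dir() {
  for root in $DEV_PROJECT_ROOTS; do
    case "$1" in "$root"|"$root"/*) return 0 ;; esac
  done
  return 1
}

# Wrapper: `confine poetry install` runs the tool under the dev-build profile
# and refuses to run it at all when invoked outside a project root.
confine() {
  if ! in_project_dir "$PWD"; then
    echo "confine: $PWD is outside DEV_PROJECT_ROOTS, not running ${1:-?}" >&2
    return 1
  fi
  aa-exec -p dev-build -- "$@"
}
# .zshrc: for t in pip poetry npm; do alias "$t=confine $t"; done
```

Because the deny rules answer with EACCES, a tool that retries forever on that errno (as described for poetry above) will spin rather than fail, so `aa-logprof`/`dmesg` output is the place to look when a build hangs under the profile.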