Self isolating binaries
This is a play proposal for a new wrapper around
go build that would build your binary but
wrap it in code that would prepare isolation around your binary on run.
A concept of this is in https://github.com/jfrazelle/binctr, in that it takes a docker image and embeds the contents into a final binary so you have a self-contained binary.
The binctr example is unnessesarily heavy for
go binaries because all you need is a completely static