For security you could also look into LXC instead of VMs if you don’t have favourable hardware. Firejail or apparmor are worth looking into as well, though it’s easy to mess up with those. It really depends on what you want to protect really.
Look at these two posts that I made, they might be relevant to you: