I want to be more deliberate about securing my tools, but all of the options seem so complex that I do not know where to begin. Then you get various pithy statements like, "chroot is not a security layer", "X cannot be used when you use Y", and it feels hopeless for a novice. Most of the documentation for these tools seem to expect a baseline system administration greater than my own.

I instead lean on heavyweight VMs, but would love something like this which should be a hard security boundary for little cost.