• reluctant_squidd@lemmy.ca
    13 hours ago

    Umm. A restricted container in Docker or Podman would be a much better approach, or am I missing something here?

    I usually just spin up a Containerfile (Dockerfile) and pre-install the requirements.txt, limit memory, cpus, file system (volumes), networking, as I see fit.

    Bonus points running it rootless (unprivileged).
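
The setup this comment describes, as an added example that is not part of the original comment: a Containerfile that pre-installs requirements.txt, plus a `podman run` wrapper that applies memory, CPU, filesystem and network limits and refuses to run as root. The image tag, base image, mount path and limit values are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Image tag, base image, paths and limits are assumptions.
IMAGE=localhost/sandbox-py

# Containerfile that pre-installs requirements.txt and drops to a non-root user.
write_containerfile() {
    cat > "$1/Containerfile" <<'EOF'
FROM docker.io/library/python:3.12-slim
RUN useradd --create-home --uid 10001 runner
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
USER runner
EOF
}

# Build the image from the directory holding Containerfile and requirements.txt.
build_image() {
    podman build --tag "$IMAGE" --file "$1/Containerfile" "$1"
}

# Run a command in the image under resource and isolation limits.
# $1 is the host directory to expose read-only; the rest is the command.
run_sandboxed() {
    workdir=$1; shift
    # Rootless: do not start the container engine from a root account.
    if [ "$(id -u)" -eq 0 ]; then
        echo "refusing to run as root; use an unprivileged account" >&2
        return 1
    fi
    podman run --rm \
        --memory=512m --cpus=1 --pids-limit=128 \
        --network=none \
        --read-only --tmpfs=/tmp \
        --cap-drop=ALL --security-opt=no-new-privileges \
        --volume="$workdir:/app/work:ro" \
        "$IMAGE" "$@"
}

# Typical use (hypothetical script name):
#   write_containerfile . && build_image .
#   run_sandboxed "$PWD/code" python /app/work/main.py
```

Switch `--network=none` to a restricted network only when the workload needs one, and drop the `:ro` suffix only for a directory the code must write to.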