{"slug": "ubuntu-releases-workshops-sandboxed-dev-environments-in-a-single-command", "title": "Ubuntu releases Workshops: Sandboxed dev environments in a single command", "summary": "Canonical announced the release of Workshop, a tool that launches sandboxed development environments with a single command, enabling consistent and repeatable workflows across different machines. The solution allows developers to define environments in YAML files, pull SDKs for agentic AI and other cutting-edge workflows, and run workloads in unprivileged system containers to minimize security risks. Workshop aims to reduce time spent on dependency management and workstation configuration while enforcing strict access controls for AI agents.", "body_md": "**Developers now benefit from consistency and repeatability for cutting-edge workflows, including agentic AI.**\n\nToday, Canonical announced the release of Workshop, a solution for launching development environments with a single command. These environments are configured once, and can be reproduced on different machines. This means consistent workflows across development machines and deployment pipelines, and less time managing dependencies.\n\n“Developers operating at the cutting edge want to focus on what they’re building, not on dependencies or workstation configuration,” said Jon Seager, VP of Engineering at Canonical. “Workshop enables developers to achieve that elegantly with a single YAML file that defines their environment, and pulls the exact dependencies and components they need. Workshops also serve to standardize and sandbox agentic tooling consistently across teams.”\n\nComposable and repeatable development environments\n\nThe time window between “cutting edge” and “mainstream” continues to shrink, meaning developers don’t have time to wait. However, this typically means extensive manual effort: both in configuring all the software you require, and ensuring it can harmlessly and effectively run on your machine. The problem scales when team members need to collaborate, often on different hardware.\n\nWorkshop brings composability and repeatability to developer environments. Individuals can pull SDKs such as Ollama, OpenCode, NVIDIA CUDA, and AMD ROCm by including them in their Workshop configuration files. Once an environment is specified, creating, upgrading, or winding down an environment can be done with a few keystrokes.\n\nWorkshop environments are defined in simple YAML documents, and can therefore be version controlled and shared among project contributors. Workshops can be trivially reproduced with a single command, and feature an interface system, inspired by snapd, that simplifies host resource allocation.\n\nAgent-ready sandboxing\n\nIn the fast-paced world of agentic AI, teams need resilient confinement to ensure they can develop at speed, without risking harm to the host system. Workshop’s development environments run in unprivileged system containers to minimize the attack surface available to workloads running within them.\n\nRepeatability applies to security, too. In Workshop, SDKs are limited to a uniform means of requesting access to resources, such as access to the desktop to display a GUI app, or access to the SSH agent from the host machine. Security doesn’t depend on knowing the individual protocols of a container, and strict access controls can be enforced for AI agents.\n\n“Ease of use for developers shouldn’t mean ease of access for AI agents. There’s naturally a tension between these two ‘user’ groups, but Workshop resolves it through strict enforcement of access controls,” said Dmitry Lyfar, Engineering Manager at Canonical. “Resource allocation remains simple and consistent across all environments to minimize human error, while non-privileged defaults effectively constrain workload capabilities.”\n\nAccess your host’s resources in the simplest way possible\n\nWorkshop’s isolation doesn’t mean you’re cut off from the specific capabilities your hardware has to offer. Workshop dispenses with complex mapping scripts and filesystem paths, offering instead a standardized way to access mounts, devices, and network services from the contained environment.\n\nIf a pre-designed SDK already exists to access a specific piece of hardware, you can choose to incorporate it into your YAML to optimize the resulting toolchain for your machine; if it doesn’t, you can create a custom one just for yourself.\n\nGet started with Workshop\n\nEnsure you’re running LXD 6.8 or newer before installing Workshop.\n\n```\nsudo snap install --channel=6/stable lxd\nsudo snap install --classic workshop\n```\n\nTo learn more about managing modular workspaces, exploring the SDK store, or building SDKs, [read the Workshop documentation here](https://documentation.ubuntu.com/canonical-workshop/latest/).", "url": "https://wpnews.pro/news/ubuntu-releases-workshops-sandboxed-dev-environments-in-a-single-command", "canonical_source": "https://discourse.ubuntu.com/t/introducing-workshop-launch-sandboxed-development-environments-on-ubuntu-with-a-single-command/83322", "published_at": "2026-05-27 15:26:31+00:00", "updated_at": "2026-05-27 15:46:36.538340+00:00", "lang": "en", "topics": ["ai-tools", "ai-infrastructure", "ai-agents", "mlops", "artificial-intelligence"], "entities": ["Canonical", "Jon Seager", "Workshop", "Ubuntu", "Ollama", "OpenCode", "NVIDIA CUDA", "AMD ROCm"], "alternates": {"html": "https://wpnews.pro/news/ubuntu-releases-workshops-sandboxed-dev-environments-in-a-single-command", "markdown": "https://wpnews.pro/news/ubuntu-releases-workshops-sandboxed-dev-environments-in-a-single-command.md", "text": "https://wpnews.pro/news/ubuntu-releases-workshops-sandboxed-dev-environments-in-a-single-command.txt", "jsonld": "https://wpnews.pro/news/ubuntu-releases-workshops-sandboxed-dev-environments-in-a-single-command.jsonld"}}