Canonical releases Workshop for one-command sandboxed dev environments on Ubuntu

Canonical released Workshop, a tool that launches sandboxed development environments on Ubuntu with a single command. Environments are configured once and reproduced on different machines, giving teams consistent setups across development workstations and deployment pipelines.

A terminal showing the output of the workshop launch and list commands (Source: Canonical)

How Workshop defines environments

Workshop environments are described in YAML files, which can be version-controlled and shared among contributors to a project. A single command creates, upgrades, or tears down an environment based on that configuration. Developers can pull SDKs into a Workshop by referencing them in the YAML, with current options including Ollama, OpenCode, NVIDIA CUDA, and AMD ROCm.

The system uses an interface mechanism inspired by snapd to handle host resource allocation. Workshop provides a standardized way to access mounts, devices, and network services from inside a contained environment, removing the need for custom mapping scripts and filesystem path juggling. Where a prebuilt SDK exists for a specific hardware capability, developers can include it directly; where one does not exist, they can write a custom SDK for personal use.

Sandboxing aimed at AI agent workflows

Workshop runs each environment inside an unprivileged system container to reduce the attack surface exposed to workloads. Canonical has positioned the sandboxing model toward agentic AI development, where code-executing agents operate alongside human developers and require tighter access controls.
SDKs in Workshop request host resources, such as desktop access for GUI applications or access to the SSH agent, through a uniform mechanism. Strict access controls can be enforced on AI agents through the same channel.

“Developers operating at the cutting edge want to focus on what they’re building, not on dependencies or workstation configuration,” said Jon Seager, VP of Engineering at Canonical. “Workshop enables developers to achieve that elegantly with a single YAML file that defines their environment, and pulls the exact dependencies and components they need. Workshops also serve to standardize and sandbox agentic tooling consistently across teams.”

Documentation for managing workspaces, browsing the SDK store, and building SDKs is published on Canonical’s documentation site.