Docker | The .NET Blog

.NET 10 Ships with Ubuntu 26.04 LTS — Here's What's New

Emiliano Montesdeoca — Sat, 25 Apr 2026 00:00:00 +0000

It’s Ubuntu LTS day. Ubuntu 26.04 (Resolute Raccoon) launched today, and as with every Ubuntu LTS, it ships with the latest .NET LTS — in this case, .NET 10.

If you deploy .NET apps on Linux, this is the release cycle you care about. LTS on LTS — five years of support for the OS, matching .NET 10’s own long-term support window.

Install .NET 10 in two commands

sudo apt update
sudo apt install dotnet-sdk-10.0

That’s it. .NET is one of the officially supported toolchains on Ubuntu — not a third-party add-on. Microsoft and Canonical work together to make sure it works on day one.

Try it immediately

Here’s the thing I love about this: you can pull an ubuntu:resolute container image and be running C# in under a minute.

docker run --rm -it ubuntu:resolute
apt update
apt install -y dotnet-sdk-10.0
dotnet run - << 'EOF'
using System.Runtime.InteropServices;
Console.WriteLine($"Hello {RuntimeInformation.OSDescription} from .NET {RuntimeInformation.FrameworkDescription}");
EOF

That dotnet run - with a heredoc is a file-based app pattern — no project file, no directory, just C# piped to stdin. Honest, if you haven’t tried file-based apps yet, it’s worth a look.

Containers: update `-noble` to `-resolute`

The new container images use the resolute tag. Migration is a one-liner:

sed -i "s/noble/resolute/g" Dockerfile

All existing image flavors — including Chiseled — are available. The Chiseled images are still my go-to for production: minimal attack surface, no shell, no package manager, just the runtime. Update the tag and rebuild.

Native AOT: 3ms startup, 1.4MB binary

Ubuntu 26.04 ships a dedicated AOT package:

apt install -y dotnet-sdk-aot-10.0 clang

Here’s what you get when you publish a simple app:

dotnet publish app.cs
# artifacts/app/app — 1.4MB native binary

Startup time:

real 0m0.003s

3 milliseconds. For a full ASP.NET Core web service, the self-contained binary is around 13MB. That’s a completely self-contained deployable with no runtime dependency whatsoever.

For cloud-native workloads where cold-start time matters — Functions, containers, serverless — this is a legitimate game changer.

What changed in Ubuntu 26.04 that affects .NET

Three things worth knowing:

Linux 7.0 — The .NET team will start Linux 7.0 testing once they get 26.04 VMs in the lab. No breaking changes expected, but they’ll verify.
Post-quantum cryptography — Ubuntu 26.04 introduces PQC support, and .NET 10 added post-quantum cryptography APIs as well. Good alignment.
cgroup v1 removed — Ubuntu 26.04 drops cgroup v1. .NET added cgroup v2 support years ago, so this is a non-event. But if you’re on an older runtime, double-check.

Need .NET 8 or 9?

Those are available via the dotnet-backports PPA:

apt install -y software-properties-common
add-apt-repository ppa:dotnet/backports
apt install -y dotnet-sdk-8.0 # or dotnet-sdk-9.0

Support is “best-effort” — not the same guarantee as the LTS package in the main archive — but the packages are there and they work.

Wrapping up

Every two years, the Ubuntu LTS + .NET LTS alignment gives you a solid, long-support foundation for production workloads. Ubuntu 26.04 with .NET 10 is that foundation for the next cycle.

If you’re containerizing .NET apps, update your Dockerfiles. If you’re deploying on bare metal or VMs, apt install dotnet-sdk-10.0 and you’re done.

Read the full post from Richard Lander for the complete installation walkthrough and container details.

Docker Sandbox Lets Copilot Agents Refactor Your Code Without Risking Your Machine

Emiliano Montesdeoca — Fri, 17 Apr 2026 00:00:00 +0000

If you’ve used Copilot’s agent mode for anything beyond small edits, you know the pain. Every file write, every terminal command — another permission prompt. Now imagine running that across 50 projects. Not fun.

The Azure team just dropped a post about Docker Sandbox for GitHub Copilot agents, and honestly, this is one of the most practical agentic tooling improvements I’ve seen. It uses microVMs to give Copilot a fully isolated environment where it can go wild — install packages, run builds, execute tests — without touching your host system.

What Docker Sandbox actually gives you

The core idea is simple: spin up a lightweight microVM with a full Linux environment, sync your workspace into it, and let the Copilot agent operate freely inside. When it’s done, changes sync back.

Here’s what makes it more than just “run stuff in a container”:

Bidirectional workspace sync that preserves absolute paths. Your project structure looks identical inside the sandbox. No path-related build failures.
Private Docker daemon running inside the microVM. The agent can build and run containers without ever mounting your host’s Docker socket. That’s a big deal for security.
HTTP/HTTPS filtering proxies that control what the agent can reach on the network. You decide which registries and endpoints are allowed. Supply chain attacks from a rogue npm install inside the sandbox? Blocked.
YOLO mode — yes, that’s what they call it. The agent runs without permission prompts because it literally cannot damage your host. Every destructive action is contained.

Why .NET developers should care

Think about the modernization work so many teams are facing right now. You have a .NET Framework solution with 30 projects, and you need to move it to .NET 9. That’s hundreds of file changes — project files, namespace updates, API replacements, NuGet migrations.

With Docker Sandbox, you can point a Copilot agent at a project, let it refactor freely inside the microVM, run dotnet build and dotnet test to validate, and only accept the changes that actually work. No risk of it accidentally nuking your local dev environment while experimenting.

The post also describes running a fleet of parallel agents — each in its own sandbox — tackling different projects simultaneously. For large .NET solutions or microservice architectures, that’s a massive time saver. One agent per service, all running isolated, all validated independently.

The security angle matters

Here’s the thing most people skip over: when you let an AI agent execute arbitrary commands, you’re trusting it with your entire machine. Docker Sandbox flips that model. The agent gets full autonomy inside a throwaway environment. The network proxy ensures it can only pull from approved sources. Your host filesystem, Docker daemon, and credentials stay untouched.

For teams with compliance requirements — and that’s most enterprise .NET shops — this is the difference between “we can’t use agentic AI” and “we can adopt it safely.”

Takeaway

Docker Sandbox solves the fundamental tension of agentic coding: agents need freedom to be useful, but freedom on your host machine is dangerous. MicroVMs give you both. If you’re planning any large-scale .NET refactoring or modernization, this is worth setting up now. The combination of Copilot’s code intelligence with a safe execution environment is exactly what production teams have been waiting for.