Incus is a container manager for Linux. Unlike Docker or Podman it is built to run system containers and not only application containers. It can also run virtual machines. I have previously used Vagrant for development environments, but nowadays it seems to have been commercialized, tries to sell me "Vagrant Cloud", got licensed under non-free “Business Source License” and is not packaged in Arch Linux. Incus looks like a modern replacement for development setups.
Since I am running Arch Linux, I installed Incus with pacman -S incus.
This installed version 6.22.0.
Unfortunately, I did not find if the documentation
has permalinks, so links to the documentation are going to be to GitHub.
It has lxc as a dependency which I already had installed manually, but did not use.
After installing I added myself to incus-admin group with usermod -aG incus-admin user,
then relogged and checked that I am in the group with groups.
I later found out that adding users to incus-admin essentially gives them root access
because they can mount anything from the host system into containers. I fixed it later, see below.
I ran incus admin init and answered all questions with the default answer,
except for the question about automatic image update where I have selected “no”
because I will likely use Incus for development from time to time
and don't want Incus to update images in the background when not really used.
I tried to launch a container, but it failed:
$ incus launch images:debian/12 foobar Launching foobar Error: Failed instance creation: Failed creating instance record: Failed initializing instance: System doesn't have a functional idmap setup
Documentation says that root needs to have at least 10M subuids and subgids assigned.
I have looked at my files /etc/subuid and /etc/subgid and they were already non-empty:
$ cat /etc/subuid user:100000:65536 $ cat /etc/subgid user:100000:65536
On Arch Linux
/etc/subuid and
/etc/subgid
come from the core/filesystem package and are initially empty.
I don't know why they were non-empty already, maybe I have set them up for LXC and forgot.
I ran usermod --add-subuids 1000000-10999999 --add-subgids 1000000-10999999 root to allocate 10M ids and the command worked:
$ incus launch images:debian/12 foobar Launching foobar $ incus exec foobar bash root@foobar:~#
I later looked at the tutorial and found that
there is an incus group
which allows to manage containers too, but without full control over incus or mounting paths not from their home.
I removed myself from the incus-admin group with gpasswd incus-admin -d user
and added to incus group with gpasswd incus -a user,
then logged out and back in.
Trying to use Incus failed:
$ incus list Error: You don't have the needed permissions to talk to the incus daemon (socket path: /var/lib/incus/unix.socket)
I fixed this problem by running systemctl enable --now incus-user.socket
Afterwards, incus list worked but existing containers remained only visible when running incus list as root.
Command incus network list also showed incusbr-1000 with a description "Network for user restricted project user-1000",
while as root I see incusbr0 and physical interfaces.
Incus is a fork of LXD. On Arch Linux lxd package has a command named lxc
which has nothing to do with the lxc package that Incus depends on
and which contains commands like lxc-create, lxc-ls etc. that allow to manage containers manually.
To avoid confusion it is best not to install LXD.