Stéphane Graber, a leader of the Linux Containers project and co-creator of the LXC toolkit, recently unveiled a new Linux distribution called IncusOS. IncusOS offers an atomically updated system image designed for creating servers that can be centrally managed using the Incus toolkit, which is a fork of LXD. This distribution is currently being developed within the Linux Containers project, which oversees the development of tools such as LXC and Incus. The project is based on Go and all developments are distributed under the Apache 2.0 license.
System images for IncusOS are provided for x86_64 and ARM64 architectures and are based on the trimmed-down Debian 13 environment and the Linux kernel from the Zabbly repository. ZFS is utilized as the file system to optimize container launches within an environment based on the Incus toolkit. Assemblies are created with the mkosi toolkit developed by Lennart Poettering, and the base system environment is read-only. To add additional applications, the systemd-sysext utility is used to distribute applications in the form of System Extension images.
IncusOS supports backup and restoration of main system settings, individual application data, and the ability to reset settings to their original state. System updates are facilitated through the systemd-sysupdate component, which utilizes an atomic partition replacement mechanism to ensure seamless upgrades. Boot environment integrity is maintained through UEFI Secure Boot and full-disk encryption (LUKS), with decryption keys stored in TPM 2.0.
The system environment within IncusOS is purposely minimalistic, lacking a command shell and traditional control capabilities. All management and configuration tasks must be performed exclusively through the REST API of the Incus system with proper authentication.