Installing container and virtual machine management software on Fedora 44 requires careful preparation and attention to system configuration. Incus stands out as a modern, community-driven solution that provides unified management for both containers and virtual machines, offering administrators a powerful alternative to traditional virtualization tools. This comprehensive guide walks through every step of the installation process on Fedora 44, from initial system preparation through creating your first container instance.
What is Incus? Understanding the Container Revolution
Incus represents a significant evolution in Linux container and virtualization technology. Created as a community-driven project, it serves as the successor to LXD and provides system administrators with the ability to manage both container workloads and virtual machine instances from a single, unified platform. The distinction between traditional Docker containers and Incus containers matters significantly, as system containers provide an entire operating system environment rather than individual applications.
The architecture underlying Incus uses a client-server model with a daemon called incusd managing all operations through a REST API. This design enables remote administration, clustering capabilities, and sophisticated resource management. Unlike Docker’s focus on application containerization, Incus targets system-level virtualization and infrastructure management. The REST API-driven architecture allows third-party tools to integrate seamlessly with your Incus deployment.
Incus delivers native support for both unprivileged containers and virtual machines through QEMU integration. Unprivileged containers run with restricted user namespaces, providing enhanced security isolation between containers. Virtual machine support means you can manage traditional VMs alongside containers on the same platform, eliminating the need for separate virtualization solutions.
Prerequisites
Before installation, verify that your Fedora 44 system meets the fundamental hardware and software requirements. A successful Incus deployment depends on proper system preparation and capability verification.
Hardware Requirements for Fedora 44
Processor requirements form the foundation of your Incus infrastructure. Your system needs a modern x86_64 processor with virtualization extensions enabled, typically Intel VT-x or AMD-V technology. Most contemporary processors include these extensions, though older hardware may lack support.
Minimum specifications include a dual-core processor, though four cores represent a more practical baseline for production environments. RAM requirements start at 2GB minimum, but 4GB or more provides adequate headroom for meaningful workload management. Storage capacity should allocate at least 20GB for the Incus installation, images, and container data. SSDs significantly improve performance compared to traditional spindle drives, particularly for I/O-intensive container workloads.
Network infrastructure needs at least one functional network interface. Most installations require only a single NIC, though advanced multi-host or cluster setups benefit from multiple network adapters. Bridge networking capabilities on your motherboard support container networking through virtual bridge interfaces.
Fedora 44 Kernel and Operating System Requirements
Fedora 44, released on October 28, 2025, provides native Incus package support through official repositories. The kernel included with Fedora 44 includes comprehensive support for Linux namespaces, control groups (cgroups), and the necessary kernel modules for container operation.
Kernel version requirements demand Linux 5.1 or newer, which Fedora 44 exceeds. Your kernel must support cgroups v2, the modern control group implementation that provides better resource management and security boundaries. Verify this by checking /sys/fs/cgroup/cgroup.controllers.
The installation requires namespace support including user namespaces (unprivileged containers), PID namespaces (process isolation), network namespaces (network isolation), and mount namespaces (filesystem isolation). These capabilities enable the security model that makes Incus containers effective for multi-tenant environments.
Verifying Virtualization Support
Check your Fedora 44 system for virtualization support before beginning installation. Execute the command virt-host-validate to perform comprehensive hardware validation. This command verifies processor capabilities, kernel support, and system configuration readiness.
If your system lacks virtualization support, you can still run containers but will be unable to launch virtual machines. This limitation rarely affects containerization workflows but matters for hybrid deployments requiring both technologies.
System Preparation
Before installing Incus packages, prepare your Fedora 44 system through essential updates and configuration adjustments. This preparation prevents conflicts and ensures smooth installation.
Updating Your Fedora 44 System
Begin by updating your system’s package manager cache and installed packages. Open a terminal and execute sudo dnf update to retrieve the latest package metadata and apply security updates. The -y flag bypasses the confirmation prompt if you prefer automatic acceptance of updates:
sudo dnf update -yAfter updating completes, verify your system recognizes the incus packages in the default repositories:
dnf search incusThis search command reveals available Incus packages including incus, incus-tools, and optional components like incus-libs and incus-selinux-policy.
Checking for Conflicting Packages
Container management systems sometimes conflict with existing tools. Examine your system for conflicting applications before installation. Docker and Podman installations won’t necessarily prevent Incus installation, but dual runtime management can create complexity:
dnf list installed | grep -E "docker|podman|lxc|lxd"If you operate existing container solutions, decide whether to maintain them alongside Incus or migrate to a unified Incus deployment. Many administrators find Incus more feature-complete than traditional container runtimes for system-level management.
Verifying Kernel Modules
Incus requires several kernel modules that should load automatically but sometimes need manual verification. Check for essential modules:
sudo modprobe bridge
sudo modprobe br_netfilter
sudo modprobe overlay
sudo modprobe vhost_netThese commands load networking and storage modules required for container and virtual machine operation. Fedora 44 includes all necessary modules, though confirmation prevents surprises during container creation.
Step-by-Step Installation of Incus on Fedora 44
The Fedora 44 repository provides native Incus packages, making installation straightforward using the DNF package manager.
Installing Core Incus Packages
Execute the installation command to deploy Incus and its dependencies:
sudo dnf install incus incus-tools -yThe DNF package manager automatically resolves dependencies and installs required libraries. The main incus package contains the incusd daemon and client tools, while incus-tools provides additional utility scripts.
Watch for any package conflicts or missing dependencies. If DNF reports unsatisfiable dependencies, examine whether your Fedora 44 installation needs updates. Occasionally, the repository configuration needs verification if standard installation fails.
Installing Optional Components for Virtual Machine Support
To run virtual machines alongside containers, install QEMU and related components:
sudo dnf install qemu-system-x86 qemu-img qemu-kvm -yQEMU provides the virtualization backend that allows Incus to launch traditional virtual machines. The qemu-img package enables snapshot and image manipulation functionality. QEMU integration transforms Incus from a container-only platform to a comprehensive virtualization solution.
For enhanced VM features including secure boot support, install EDK2 firmware:
sudo dnf install edk2-x86_64 -yInstalling ZFS Support (Optional but Recommended)
ZFS storage backend provides advanced features including snapshots, compression, and deduplication. If you plan sophisticated storage management, install ZFS support:
sudo dnf install zfs-fuse zfs-tools -yNote that ZFS requires specific kernel configuration on some systems. Fedora 44 includes proper kernel support, so this installation typically succeeds without complications. If ZFS fails to initialize, your system may require kernel module compilation or storage backend adjustment.
Verifying Installation Success
Confirm successful installation by checking the installed version:
incus versionThis command displays the Incus client version and daemon version if the service is running. Output showing matching client and daemon versions indicates successful installation.
List available images to verify package completeness:
incus image list images: | head -10This command queries the remote image server and displays available container images, confirming network connectivity and basic functionality.
Starting and Configuring the Incus Service
After installation, enable and start the Incus daemon service to prepare the system for container and virtual machine deployment.
Starting the Incus Daemon
Enable the incus service to start automatically at boot:
sudo systemctl enable incusStart the service immediately:
sudo systemctl start incusVerify service status:
sudo systemctl status incusThe output should show “active (running)” indicating the daemon is operational. The incus-user.socket and incus.socket services also start automatically, providing both user-level and root-level access to the daemon.
Configuring User Access and Group Membership
Add your user account to the incus group to enable local management without elevated privileges:
sudo usermod -aG incus $USERApply the group change immediately:
newgrp incusVerify group membership:
groupsYour output should include “incus” confirming successful group assignment. Without this group membership, you require sudo privileges for every incus command.
For administrative operations, consider adding users to the incus-admin group:
sudo usermod -aG incus-admin $USERConfiguring UID/GID Mapping for Unprivileged Containers
Unprivileged containers require UID and GID ranges for secure operation. Configure subordinate user and group IDs:
sudo usermod -v 1000000-2000000000 -w 1000000-2000000000 rootThis command allocates a billion UID/GID mappings to the root user, enabling creation of unprivileged containers with proper isolation. Verify configuration:
cat /etc/subuid
cat /etc/subgidYour output should display the allocated ranges, enabling the security model that makes unprivileged containers viable.
Initializing Incus with the Configuration Wizard
The incus admin init command walks through essential configuration decisions, establishing storage pools, network configuration, and operational parameters.
Launching the Interactive Configuration Wizard
Execute the initialization command:
sudo incus admin initThe wizard presents a series of questions about your deployment requirements. Default answers work for most installations, but understanding each option enables customization for specific needs.
Selecting Storage Backend
When prompted about storage backend, you have several options:
Directory Backend: Simple file-based storage using standard filesystem storage. This backend works with any filesystem and requires no special software. Performance is adequate for development environments but may lag for production workloads. Snapshots operate through filesystem-level mechanisms rather than native backend support.
ZFS Backend: Advanced storage with native snapshots, compression, deduplication, and granular quota management. ZFS requires dedicated storage devices or logical volumes but provides superior performance and flexibility. The backend selects this if ZFS is available and properly configured.
btrfs Backend: Middleware option providing snapshots and compression while using standard filesystem storage. btrfs requires filesystem-level support but offers better features than directory backend without ZFS complexity.
LVM Backend: Advanced backend using logical volumes for storage management. LVM enables snapshots and sophisticated volume management for organizations with existing LVM infrastructure.
For most Fedora 44 installations, ZFS represents the optimal choice when available, with directory backend serving as a practical fallback.
Configuring Network Bridges
The wizard prompts about creating a managed network bridge for container connectivity. Accept the default incusbr0 bridge creation, which provides DHCP-based networking for containers. This bridge connects containers to a NAT network, providing outbound internet connectivity while maintaining internal isolation.
Configure IPv4 DHCP to enable automatic address assignment:
- Start address: 10.0.3.1/24 (default, modifiable)
- DHCP range: 10.0.3.100 to 10.0.3.200 (sufficient for most installations)
- DNS server: 10.0.3.1 (default pointing to the host)
For IPv6, you can configure a privacy-enabled ULA (Unique Local Address) or use stateless autoconfiguration depending on requirements.
Storing Configuration Choices
The wizard summarizes your selections before saving. Review the proposed configuration and confirm acceptance. The configuration file saves to /var/lib/incus/ where the incusd daemon reads it on startup.
Configuring Storage Pools After Initial Setup
Beyond the interactive wizard, advanced storage configuration provides production-grade flexibility.
Creating Additional Storage Pools
Create a dedicated storage pool for specific workloads:
sudo incus storage create production zfsThis command creates a ZFS-backed storage pool named “production”. The system prompts for additional configuration like source device specification if needed.
List configured pools:
sudo incus storage listYour output displays all storage pools including the default pool and any newly created pools with their backend type and storage usage.
Setting Storage Pool Properties
Modify storage pool characteristics after creation. Set compression on ZFS pools to reduce storage consumption:
sudo incus storage set production zfs.pool_properties="compression=lz4"Configure storage quotas per container:
sudo incus storage set production volume.size=10GBThis quota applies to new containers using this pool unless overridden during container creation.
Configuring Network Bridges and Connectivity
Network configuration determines how containers communicate internally and with external systems.
Creating Managed Networks
Beyond the default bridge, create additional managed networks for specific purposes:
sudo incus network create isolatedThis command creates a new managed network called “isolated” without DHCP to require manual container IP configuration.
View network configuration:
sudo incus network show incusbr0This displays detailed network properties including DHCP range, DNS settings, and connected containers.
Configuring Firewall Rules on Fedora 44
Fedora 44 uses firewalld for firewall management. Allow traffic through the incus bridge:
sudo firewall-cmd --add-masquerade --permanent
sudo firewall-cmd --add-interface=incusbr0 --zone=trusted --permanent
sudo firewall-cmd --reloadThese commands allow container traffic to route through the bridge while maintaining firewall protection for other interfaces.
Creating and Launching Your First Container
With Incus installed and configured, creating container instances demonstrates core functionality.
Selecting and Downloading Container Images
Search available images:
incus image list images:This command queries the remote image server displaying hundreds of pre-built Linux distributions and custom images. Results include Ubuntu, Debian, Fedora, AlmaLinux, and specialized appliance images.
Launch a container from the Ubuntu 22.04 image:
incus launch images:ubuntu/22.04 mycontainerThis command downloads the image (if not cached locally), creates a container instance named “mycontainer,” and starts it automatically. Initial creation takes longer as the image downloads; subsequent launches from cached images occur nearly instantaneously.
Accessing Container Shell and Verifying Connectivity
Execute a shell session within the container:
incus shell mycontainerThis command opens an interactive shell session, enabling command execution and testing within the container environment. Inside the container, verify system capabilities:
uname -a
ip addr show
cat /etc/lsb-releaseThese commands display kernel information, network configuration, and operating system version, confirming the container provides a complete operating system environment.
Test network connectivity:
ping google.com
curl https://example.comThese tests verify outbound internet connectivity through the NAT network bridge established during configuration.
Exit the container shell:
exitThis returns you to the host system while leaving the container running.
Managing Container Lifecycle
List running containers:
incus listStop a running container:
incus stop mycontainerStart a stopped container:
incus start mycontainerDelete a container permanently:
incus delete mycontainerThese fundamental commands enable basic container management.
Security Hardening and Best Practices
Production deployments require security configuration beyond default settings.
Understanding Container Isolation
Incus implements security through multiple mechanisms. Unprivileged containers run with mapped user IDs, preventing privilege escalation risks. AppArmor profiles (or SELinux policies on enforcing systems) restrict container system call access and capabilities.
Verify unprivileged container status:
incus config get mycontainer security.privilegedOutput of “false” confirms unprivileged operation. Privileged containers require explicit configuration and carry greater security risk; use them only when necessary for specific workload requirements.
Restricting Container Resources
Prevent resource exhaustion attacks by setting container limits:
incus config set mycontainer limits.cpu=2
incus config set mycontainer limits.memory=1GBThese settings restrict container CPU and memory consumption. Without limits, a runaway container could consume all host resources, affecting other containers.
Set disk quotas:
incus config set mycontainer root.size=5GBThis limits the container’s root filesystem size, preventing disk exhaustion attacks.
Configuring Network Security
Isolate containers on separate networks when necessary:
incus launch images:ubuntu/22.04 secure_container -n isolatedThis launches a container on the “isolated” network without DHCP, requiring explicit IP configuration and preventing accidental connectivity.
Create host firewall rules explicitly allowing required traffic:
sudo firewall-cmd --add-port=8080/tcp --zone=public --permanent
sudo firewall-cmd --reloadExplicit firewall rules prevent unauthorized access to containers running network services.
Troubleshooting Common Installation and Configuration Issues
Installation challenges occur occasionally despite careful preparation. Systematic troubleshooting typically resolves issues quickly.
Resolving DNF Package Installation Failures
If dnf install incus fails, first update package metadata:
sudo dnf makecacheThis command refreshes the local package cache from remote repositories. Outdated caches sometimes reference unavailable packages.
Check repository configuration:
dnf repolist | grep -E "fedora|updates"Fedora 44 repositories should appear as “fedora” and “updates”. If repositories are missing, Fedora configuration may require restoration.
Addressing Permission and Group Membership Issues
If incus commands fail with “permission denied,” verify group membership:
id | grep incusThe output must include “gid=XXX(incus)” confirming group membership. If missing, log out and log back in to refresh group associations.
Resolving Network Bridge Creation Failures
If bridge creation fails during initialization, examine existing interfaces:
ip link showLook for conflicts with existing bridge names. If incusbr0 already exists from a previous partial installation, remove it:
sudo ip link delete incusbr0Restart the initialization wizard:
sudo incus admin init --resetDebugging Storage Backend Issues
If ZFS fails to initialize despite proper installation, reboot and retry:
sudo reboot
sudo incus admin initFedora sometimes requires reboots for kernel module loading. If ZFS still fails, select the directory backend as a temporary workaround.
Verify kernel module loading:
modinfo zfsThis command confirms whether the ZFS kernel module exists and can be loaded.
Resolving Virtual Machine Launch Failures
If VM creation fails, verify QEMU installation:
qemu-system-x86_64 --versionMissing or outdated QEMU typically causes VM failures. Reinstall:
sudo dnf reinstall qemu-system-x86Launching Virtual Machines with Incus
Incus extends beyond containers to full virtual machine management, offering comprehensive workload flexibility.
Creating a Virtual Machine Instance
Launch a virtual machine using the --vm flag:
incus launch images:debian/12 myvm --vmThis command creates a Debian 12 virtual machine instead of a container. Virtual machines take longer to boot as the full operating system initializes within QEMU.
Monitor VM startup:
incus listThe VM appears in the list with a “TYPE” of “VIRTUAL MACHINE”. Status transitions from “Starting” to “Running” once the boot sequence completes.
Accessing Virtual Machine Console
Connect to the virtual machine console:
incus console myvmThis provides direct access to the VM’s serial console for troubleshooting and direct system interaction.
Configuring Virtual Machine Resources
Virtual machines benefit from explicit resource allocation:
incus config set myvm limits.cpu=4
incus config set myvm limits.memory=2GBThese settings allocate 4 virtual CPUs and 2GB RAM to the VM, affecting performance and capabilities.
Advanced Container and Image Management
Beyond basic container creation, sophisticated management capabilities enable production deployments.
Building Custom Container Images
Create a custom image from a modified container:
incus publish mycontainer --alias ubuntu-customThis command captures the current container state as a reusable image. Subsequent containers launched from this image inherit customizations, reducing deployment time.
Using Container Profiles
Profiles standardize configurations across multiple containers. Create a custom profile:
incus profile create productionApply configurations to the profile:
incus profile set production limits.cpu=2
incus profile set production limits.memory=512MBLaunch containers using the profile:
incus launch images:ubuntu/22.04 app1 -p productionThis standardizes resource allocation and settings across multiple containers, simplifying large-scale deployments.
Container Snapshots and Recovery
Create a point-in-time snapshot:
incus snapshot create mycontainer backup1List available snapshots:
incus info mycontainer | grep SnapshotsRestore from a snapshot:
incus restore mycontainer backup1This recovery capability enables safe experimentation knowing you can restore previous states instantly.
Monitoring, Maintenance, and Updates
Production deployments require ongoing monitoring and maintenance.
Monitoring Container Status and Resource Usage
Display resource consumption:
incus list --format csv -c n,state,cpu,memory,diskThis command shows CPU cores, memory usage, and disk consumption for all containers, enabling capacity planning and optimization.
Keeping Incus Updated
Check for available updates:
sudo dnf check-update incusInstall updates:
sudo dnf update incus -yFedora’s frequent update cycle ensures security patches and new features reach your system regularly. Test updates on non-production systems first when possible.
Backup and Disaster Recovery
Export a container for backup:
incus export mycontainer mycontainer.tar.gzRestore from backup on another Incus system:
incus import mycontainer.tar.gzRegular backups provide protection against data loss and enable rapid recovery from hardware failures.
Exploring the Incus Web Dashboard
While command-line tools provide powerful administration, the optional web UI offers graphical management:
sudo dnf install incus-ui -yThe web interface becomes available at https://localhost:8443 once installed, providing container management through a modern browser interface.
Congratulations! You have successfully installed Incus. Thanks for using this tutorial for installing Incus container and virtual machine manager on Fedora 44 Linux system. For additional help or useful information, we recommend you check the official Incus website.
