Added extra option to enable unprivileged containers. This includes a
patch to remove the hard-coded path to `lxc-user-nic` and a new security
wrapper to set SUID to `lxc-user-nic`.
This is a feature supported out of the box by upstream and allows the
incusd service to be restarted without impacting running
instances. While this does give up a bit of reproducibility, qemu and
lxc for example, there are clear benefits in allowing the host to
apply updates without impacting instances.
Modeled after the zabbly implementation: 2a67c3e260/systemd/incus-startup.service
This will now be the default.
Was previously broken due to a missing runtime dependency.
> Error: Failed to start device "vtpm": Failed to validate environment: Required tool 'swtpm' is missing
Previously upstream was packaging this separately due to the inclusion
of lxd in the go dependencies. This has been dropped and the package
has been merged into the main go.mod file.
It can can take a few seconds for the generator to initialize in slow
environments. Switch to using systemctl is-system-running which should
reflect the system is fully booted.
