diff --git a/build_library/sysext_mangle_flatcar-incus b/build_library/sysext_mangle_flatcar-incus
new file mode 100755
index 0000000000..d7ac982c8d
--- /dev/null
+++ b/build_library/sysext_mangle_flatcar-incus
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+set -euo pipefail
+rootfs="${1}"
+
+pushd "${rootfs}"
+
+pushd ./usr/lib/systemd/system
+mkdir -p "multi-user.target.d"
+{ echo "[Unit]"; echo "Upholds=incus.service"; } > "multi-user.target.d/10-incus.conf"
+popd
+
+mkdir -p ./usr/lib/tmpfiles.d
+pushd ./usr/lib/tmpfiles.d
+cat <<EOF >./10-incus.conf
+d  /var/lib/lxc/rootfs	0755  root  root  -  -
+w+ /etc/subuid - - - - root:1065536:65536
+w+ /etc/subgid - - - - root:1065536:65536
+EOF
+popd
+
+# Add 'core' user to 'incus-admin' group to avoid prefixing
+# all commands with sudo.
+mkdir -p ./usr/lib/userdb/
+echo " " > ./usr/lib/userdb/core:incus-admin.membership
+
+popd
+