diff --git a/cmd/fuidshift/main_shift.go b/cmd/fuidshift/main_shift.go
index e84993eef60..c7bffd42316 100644
--- a/cmd/fuidshift/main_shift.go
+++ b/cmd/fuidshift/main_shift.go
@@ -6,7 +6,7 @@ import (
 
 	"github.com/spf13/cobra"
 
-	"github.com/lxc/incus/internal/idmap"
+	"github.com/lxc/incus/shared/idmap"
 )
 
 type cmdShift struct {
diff --git a/cmd/incusd/backup.go b/cmd/incusd/backup.go
index a3e7949f0dc..664824b0f8e 100644
--- a/cmd/incusd/backup.go
+++ b/cmd/incusd/backup.go
@@ -10,7 +10,6 @@ import (
 
 	"gopkg.in/yaml.v2"
 
-	"github.com/lxc/incus/internal/idmap"
 	"github.com/lxc/incus/internal/instancewriter"
 	"github.com/lxc/incus/internal/revert"
 	"github.com/lxc/incus/internal/server/backup"
@@ -27,6 +26,7 @@ import (
 	"github.com/lxc/incus/internal/server/task"
 	internalUtil "github.com/lxc/incus/internal/util"
 	"github.com/lxc/incus/shared/api"
+	"github.com/lxc/incus/shared/idmap"
 	"github.com/lxc/incus/shared/ioprogress"
 	"github.com/lxc/incus/shared/logger"
 	"github.com/lxc/incus/shared/units"
diff --git a/cmd/incusd/cgo.go b/cmd/incusd/cgo.go
index 16f15e8cbbb..d1bfc84d515 100644
--- a/cmd/incusd/cgo.go
+++ b/cmd/incusd/cgo.go
@@ -8,7 +8,7 @@ package main
 // #cgo CFLAGS: -Werror=implicit-function-declaration
 // #cgo CFLAGS: -Werror=return-type -Wendif-labels -Werror=overflow
 // #cgo CFLAGS: -Wnested-externs -fexceptions
-// #cgo CFLAGS: -I ../../internal/cgo
+// #cgo CFLAGS: -I ../../shared/cgo
 // #cgo pkg-config: lxc
 // #cgo pkg-config: libcap
 import "C"
diff --git a/cmd/incusd/daemon.go b/cmd/incusd/daemon.go
index 028e12f1c4d..04b55a2faa4 100644
--- a/cmd/incusd/daemon.go
+++ b/cmd/incusd/daemon.go
@@ -25,7 +25,6 @@ import (
 	liblxc "github.com/lxc/go-lxc"
 	"golang.org/x/sys/unix"
 
-	"github.com/lxc/incus/internal/idmap"
 	internalIO "github.com/lxc/incus/internal/io"
 	"github.com/lxc/incus/internal/linux"
 	"github.com/lxc/incus/internal/revert"
@@ -74,6 +73,7 @@ import (
 	"github.com/lxc/incus/shared/api"
 	"github.com/lxc/incus/shared/archive"
 	"github.com/lxc/incus/shared/cancel"
+	"github.com/lxc/incus/shared/idmap"
 	"github.com/lxc/incus/shared/logger"
 	"github.com/lxc/incus/shared/proxy"
 	localtls "github.com/lxc/incus/shared/tls"
diff --git a/cmd/incusd/devices.go b/cmd/incusd/devices.go
index bdccb14598f..fd6490115e2 100644
--- a/cmd/incusd/devices.go
+++ b/cmd/incusd/devices.go
@@ -7,7 +7,7 @@ package main
 #include <stdio.h>
 #include <linux/hidraw.h>
 
-#include "../../internal/cgo/memory_utils.h"
+#include "../../shared/cgo/memory_utils.h"
 
 #ifndef HIDIOCGRAWINFO
 #define HIDIOCGRAWINFO _IOR('H', 0x03, struct hidraw_devinfo)
@@ -43,13 +43,13 @@ import (
 
 	"golang.org/x/sys/unix"
 
-	_ "github.com/lxc/incus/internal/cgo" // Used by cgo
 	"github.com/lxc/incus/internal/server/cgroup"
 	"github.com/lxc/incus/internal/server/device"
 	"github.com/lxc/incus/internal/server/instance"
 	"github.com/lxc/incus/internal/server/instance/instancetype"
 	"github.com/lxc/incus/internal/server/resources"
 	"github.com/lxc/incus/internal/server/state"
+	_ "github.com/lxc/incus/shared/cgo" // Used by cgo
 	"github.com/lxc/incus/shared/logger"
 	"github.com/lxc/incus/shared/util"
 )
diff --git a/cmd/incusd/instance_test.go b/cmd/incusd/instance_test.go
index 55ac07076a3..d6a862ec15f 100644
--- a/cmd/incusd/instance_test.go
+++ b/cmd/incusd/instance_test.go
@@ -9,7 +9,6 @@ import (
 
 	"github.com/stretchr/testify/suite"
 
-	"github.com/lxc/incus/internal/idmap"
 	"github.com/lxc/incus/internal/server/db"
 	"github.com/lxc/incus/internal/server/db/cluster"
 	deviceConfig "github.com/lxc/incus/internal/server/device/config"
@@ -18,6 +17,7 @@ import (
 	storagePools "github.com/lxc/incus/internal/server/storage"
 	internalUtil "github.com/lxc/incus/internal/util"
 	"github.com/lxc/incus/shared/api"
+	"github.com/lxc/incus/shared/idmap"
 )
 
 type containerTestSuite struct {
diff --git a/cmd/incusd/main_activateifneeded.go b/cmd/incusd/main_activateifneeded.go
index eac47e45232..16e7c85691d 100644
--- a/cmd/incusd/main_activateifneeded.go
+++ b/cmd/incusd/main_activateifneeded.go
@@ -10,11 +10,11 @@ import (
 	"github.com/spf13/cobra"
 
 	"github.com/lxc/incus/client"
-	"github.com/lxc/incus/internal/idmap"
 	"github.com/lxc/incus/internal/server/db"
 	"github.com/lxc/incus/internal/server/instance"
 	"github.com/lxc/incus/internal/server/instance/instancetype"
 	"github.com/lxc/incus/internal/server/node"
+	"github.com/lxc/incus/shared/idmap"
 	"github.com/lxc/incus/shared/logger"
 	"github.com/lxc/incus/shared/util"
 )
diff --git a/cmd/incusd/main_checkfeature.go b/cmd/incusd/main_checkfeature.go
index 2de36c387f5..4d4ee953f90 100644
--- a/cmd/incusd/main_checkfeature.go
+++ b/cmd/incusd/main_checkfeature.go
@@ -579,7 +579,7 @@ static bool kernel_supports_idmapped_mounts(void)
 import "C"
 
 import (
-	_ "github.com/lxc/incus/internal/cgo" // Used by cgo
+	_ "github.com/lxc/incus/shared/cgo" // Used by cgo
 	"github.com/lxc/incus/shared/logger"
 )
 
diff --git a/cmd/incusd/main_forkcoresched.go b/cmd/incusd/main_forkcoresched.go
index 8f0c4c28f9a..f08c22261e1 100644
--- a/cmd/incusd/main_forkcoresched.go
+++ b/cmd/incusd/main_forkcoresched.go
@@ -89,7 +89,7 @@ import (
 	"github.com/spf13/cobra"
 
 	// Used by cgo
-	_ "github.com/lxc/incus/internal/cgo"
+	_ "github.com/lxc/incus/shared/cgo"
 )
 
 type cmdForkcoresched struct {
diff --git a/cmd/incusd/main_forkexec.go b/cmd/incusd/main_forkexec.go
index d2ca935492b..2444d56f12b 100644
--- a/cmd/incusd/main_forkexec.go
+++ b/cmd/incusd/main_forkexec.go
@@ -333,7 +333,7 @@ import (
 	"github.com/spf13/cobra"
 
 	// Used by cgo
-	_ "github.com/lxc/incus/internal/cgo"
+	_ "github.com/lxc/incus/shared/cgo"
 )
 
 type cmdForkexec struct {
diff --git a/cmd/incusd/main_forkmount.go b/cmd/incusd/main_forkmount.go
index fdfda397be0..5ccd3bcbfe9 100644
--- a/cmd/incusd/main_forkmount.go
+++ b/cmd/incusd/main_forkmount.go
@@ -634,7 +634,7 @@ import (
 	"github.com/spf13/cobra"
 
 	// Used by cgo
-	_ "github.com/lxc/incus/internal/cgo"
+	_ "github.com/lxc/incus/shared/cgo"
 )
 
 type cmdForkmount struct {
diff --git a/cmd/incusd/main_forknet.go b/cmd/incusd/main_forknet.go
index 6cc6dbd10b2..080c43f14ff 100644
--- a/cmd/incusd/main_forknet.go
+++ b/cmd/incusd/main_forknet.go
@@ -109,9 +109,9 @@ import (
 
 	"github.com/spf13/cobra"
 
-	_ "github.com/lxc/incus/internal/cgo" // Used by cgo
 	"github.com/lxc/incus/internal/netutils"
 	"github.com/lxc/incus/internal/server/ip"
+	_ "github.com/lxc/incus/shared/cgo" // Used by cgo
 	"github.com/lxc/incus/shared/subprocess"
 )
 
diff --git a/cmd/incusd/main_forkproxy.go b/cmd/incusd/main_forkproxy.go
index a8906b5eb78..f2fae7f5c7d 100644
--- a/cmd/incusd/main_forkproxy.go
+++ b/cmd/incusd/main_forkproxy.go
@@ -255,12 +255,12 @@ import (
 	"github.com/spf13/cobra"
 	"golang.org/x/sys/unix"
 
-	_ "github.com/lxc/incus/internal/cgo" // Used by cgo
 	"github.com/lxc/incus/internal/linux"
 	"github.com/lxc/incus/internal/netutils"
 	"github.com/lxc/incus/internal/server/daemon"
 	deviceConfig "github.com/lxc/incus/internal/server/device/config"
 	"github.com/lxc/incus/internal/server/network"
+	_ "github.com/lxc/incus/shared/cgo" // Used by cgo
 )
 
 const forkproxyUDSSockFDNum int = C.FORKPROXY_UDS_SOCK_FD_NUM
diff --git a/cmd/incusd/main_forksyscall.go b/cmd/incusd/main_forksyscall.go
index 7eaf180fdf6..483a62b52fc 100644
--- a/cmd/incusd/main_forksyscall.go
+++ b/cmd/incusd/main_forksyscall.go
@@ -21,11 +21,11 @@ package main
 #include <sys/xattr.h>
 #include <unistd.h>
 
-#include "../../internal/cgo/macro.h"
-#include "../../internal/cgo/memory_utils.h"
-#include "../../internal/cgo/mount_utils.h"
-#include "../../internal/cgo/syscall_numbers.h"
-#include "../../internal/cgo/syscall_wrappers.h"
+#include "../../shared/cgo/macro.h"
+#include "../../shared/cgo/memory_utils.h"
+#include "../../shared/cgo/mount_utils.h"
+#include "../../shared/cgo/syscall_numbers.h"
+#include "../../shared/cgo/syscall_wrappers.h"
 
 extern char* advance_arg(bool required);
 extern void attach_userns_fd(int ns_fd);
@@ -556,7 +556,7 @@ import (
 	"github.com/spf13/cobra"
 
 	// Used by cgo
-	_ "github.com/lxc/incus/internal/cgo"
+	_ "github.com/lxc/incus/shared/cgo"
 )
 
 type cmdForksyscall struct {
diff --git a/cmd/incusd/main_forkuevent.go b/cmd/incusd/main_forkuevent.go
index 2dc0294b308..0fdebd1d5e6 100644
--- a/cmd/incusd/main_forkuevent.go
+++ b/cmd/incusd/main_forkuevent.go
@@ -23,7 +23,7 @@ package main
 #include <unistd.h>
 
 #include "../../internal/netutils/network.c"
-#include "../../internal/cgo/memory_utils.h"
+#include "../../shared/cgo/memory_utils.h"
 
 #ifndef UEVENT_SEND
 #define UEVENT_SEND 16
diff --git a/cmd/incusd/main_nsexec.go b/cmd/incusd/main_nsexec.go
index c1bf32133a6..21bf3dfd7f5 100644
--- a/cmd/incusd/main_nsexec.go
+++ b/cmd/incusd/main_nsexec.go
@@ -35,13 +35,13 @@ package main
 #include <sys/wait.h>
 #include <unistd.h>
 
-#include "../../internal/cgo/incus.h"
-#include "../../internal/cgo/file_utils.h"
-#include "../../internal/cgo/memory_utils.h"
-#include "../../internal/cgo/mount_utils.h"
-#include "../../internal/cgo/process_utils.h"
-#include "../../internal/cgo/syscall_numbers.h"
-#include "../../internal/cgo/syscall_wrappers.h"
+#include "../../shared/cgo/incus.h"
+#include "../../shared/cgo/file_utils.h"
+#include "../../shared/cgo/memory_utils.h"
+#include "../../shared/cgo/mount_utils.h"
+#include "../../shared/cgo/process_utils.h"
+#include "../../shared/cgo/syscall_numbers.h"
+#include "../../shared/cgo/syscall_wrappers.h"
 
 // Command line parsing and tracking
 char *cmdline_buf = NULL;
@@ -360,5 +360,5 @@ import "C"
 
 import (
 	// Used by cgo
-	_ "github.com/lxc/incus/internal/cgo"
+	_ "github.com/lxc/incus/shared/cgo"
 )
diff --git a/cmd/incusd/main_test.go b/cmd/incusd/main_test.go
index bc560a98376..04188d5980f 100644
--- a/cmd/incusd/main_test.go
+++ b/cmd/incusd/main_test.go
@@ -9,11 +9,11 @@ import (
 	"github.com/stretchr/testify/suite"
 	"golang.org/x/sys/unix"
 
-	"github.com/lxc/incus/internal/idmap"
 	"github.com/lxc/incus/internal/server/db"
 	"github.com/lxc/incus/internal/server/db/cluster"
 	"github.com/lxc/incus/internal/server/sys"
 	internalUtil "github.com/lxc/incus/internal/util"
+	"github.com/lxc/incus/shared/idmap"
 )
 
 func mockStartDaemon() (*Daemon, error) {
diff --git a/cmd/incusd/migrate.go b/cmd/incusd/migrate.go
index 995e102423e..f3092a094a1 100644
--- a/cmd/incusd/migrate.go
+++ b/cmd/incusd/migrate.go
@@ -15,13 +15,13 @@ import (
 	"github.com/gorilla/websocket"
 	"google.golang.org/protobuf/proto"
 
-	"github.com/lxc/incus/internal/idmap"
 	"github.com/lxc/incus/internal/jmap"
 	"github.com/lxc/incus/internal/migration"
 	"github.com/lxc/incus/internal/server/instance"
 	localMigration "github.com/lxc/incus/internal/server/migration"
 	"github.com/lxc/incus/internal/server/operations"
 	"github.com/lxc/incus/shared/api"
+	"github.com/lxc/incus/shared/idmap"
 )
 
 type migrationFields struct {
diff --git a/internal/idmap/empty.go b/internal/idmap/empty.go
deleted file mode 100644
index 625c626a0ed..00000000000
--- a/internal/idmap/empty.go
+++ /dev/null
@@ -1,3 +0,0 @@
-package idmap
-
-// Empty file so that builds on !linux don't complain about empty package
diff --git a/internal/instancewriter/instance_tar_writer.go b/internal/instancewriter/instance_tar_writer.go
index 699abf9a6b7..e75f55e4c33 100644
--- a/internal/instancewriter/instance_tar_writer.go
+++ b/internal/instancewriter/instance_tar_writer.go
@@ -11,8 +11,8 @@ import (
 
 	"golang.org/x/sys/unix"
 
-	"github.com/lxc/incus/internal/idmap"
 	"github.com/lxc/incus/internal/linux"
+	"github.com/lxc/incus/shared/idmap"
 	"github.com/lxc/incus/shared/logger"
 )
 
diff --git a/internal/linux/socket_linux_cgo.go b/internal/linux/socket_linux_cgo.go
index 3020ad7da1b..9e35ccfba0a 100644
--- a/internal/linux/socket_linux_cgo.go
+++ b/internal/linux/socket_linux_cgo.go
@@ -22,8 +22,8 @@ package linux
 #include <sys/types.h>
 #include <sys/un.h>
 
-#include "../cgo/process_utils.h"
-#include "../cgo/syscall_wrappers.h"
+#include "../../shared/cgo/process_utils.h"
+#include "../../shared/cgo/syscall_wrappers.h"
 
 #define ABSTRACT_UNIX_SOCK_LEN sizeof(((struct sockaddr_un *)0)->sun_path)
 
@@ -51,7 +51,7 @@ import (
 
 	"golang.org/x/sys/unix"
 
-	_ "github.com/lxc/incus/internal/cgo" // Used by cgo
+	_ "github.com/lxc/incus/shared/cgo" // Used by cgo
 )
 
 const ABSTRACT_UNIX_SOCK_LEN int = C.ABSTRACT_UNIX_SOCK_LEN
diff --git a/internal/netutils/netns_getifaddrs.c b/internal/netutils/netns_getifaddrs.c
index 4331b9c4262..be185997d15 100644
--- a/internal/netutils/netns_getifaddrs.c
+++ b/internal/netutils/netns_getifaddrs.c
@@ -20,7 +20,7 @@
 #include <sys/socket.h>
 #include <unistd.h>
 
-#include "../cgo/compiler.h"
+#include "../../shared/cgo/compiler.h"
 #include "network.c"
 
 struct netns_ifaddrs {
diff --git a/internal/netutils/network.c b/internal/netutils/network.c
index 864d2475481..cf86a02229a 100644
--- a/internal/netutils/network.c
+++ b/internal/netutils/network.c
@@ -20,8 +20,8 @@
 #include <sys/socket.h>
 #include <unistd.h>
 
-#include "../cgo/compiler.h"
-#include "../cgo/macro.h"
+#include "../../shared/cgo/compiler.h"
+#include "../../shared/cgo/macro.h"
 
 #ifndef NETNS_RTA
 #define NETNS_RTA(r) \
diff --git a/internal/netutils/unixfd.c b/internal/netutils/unixfd.c
index ee8e1226bd3..c98752c2026 100644
--- a/internal/netutils/unixfd.c
+++ b/internal/netutils/unixfd.c
@@ -19,7 +19,7 @@
 #include <sys/un.h>
 
 #include "unixfd.h"
-#include "../cgo/memory_utils.h"
+#include "../../shared/cgo/memory_utils.h"
 
 int lxc_abstract_unix_send_fds(int fd, int *sendfds, int num_sendfds,
 			       void *data, size_t size)
diff --git a/internal/server/device/device_utils_disk.go b/internal/server/device/device_utils_disk.go
index 8e2e394f736..dc288c811f4 100644
--- a/internal/server/device/device_utils_disk.go
+++ b/internal/server/device/device_utils_disk.go
@@ -13,11 +13,11 @@ import (
 
 	"golang.org/x/sys/unix"
 
-	"github.com/lxc/incus/internal/idmap"
 	"github.com/lxc/incus/internal/linux"
 	"github.com/lxc/incus/internal/revert"
 	"github.com/lxc/incus/internal/server/instance"
 	storageDrivers "github.com/lxc/incus/internal/server/storage/drivers"
+	"github.com/lxc/incus/shared/idmap"
 	"github.com/lxc/incus/shared/osarch"
 	"github.com/lxc/incus/shared/subprocess"
 	"github.com/lxc/incus/shared/util"
diff --git a/internal/server/device/device_utils_disk_test.go b/internal/server/device/device_utils_disk_test.go
index 014995f144c..61f7487595e 100644
--- a/internal/server/device/device_utils_disk_test.go
+++ b/internal/server/device/device_utils_disk_test.go
@@ -5,7 +5,7 @@ import (
 
 	"github.com/stretchr/testify/assert"
 
-	"github.com/lxc/incus/internal/idmap"
+	"github.com/lxc/incus/shared/idmap"
 )
 
 func TestDiskAddRootUserNSEntry(t *testing.T) {
diff --git a/internal/server/device/device_utils_unix.go b/internal/server/device/device_utils_unix.go
index 523cd59a685..7d807765397 100644
--- a/internal/server/device/device_utils_unix.go
+++ b/internal/server/device/device_utils_unix.go
@@ -9,11 +9,11 @@ import (
 
 	"golang.org/x/sys/unix"
 
-	"github.com/lxc/incus/internal/idmap"
 	internalIO "github.com/lxc/incus/internal/io"
 	"github.com/lxc/incus/internal/linux"
 	deviceConfig "github.com/lxc/incus/internal/server/device/config"
 	"github.com/lxc/incus/internal/server/state"
+	"github.com/lxc/incus/shared/idmap"
 	"github.com/lxc/incus/shared/logger"
 	"github.com/lxc/incus/shared/util"
 )
diff --git a/internal/server/device/disk.go b/internal/server/device/disk.go
index bde4d6a8cfb..267a103f026 100644
--- a/internal/server/device/disk.go
+++ b/internal/server/device/disk.go
@@ -14,7 +14,6 @@ import (
 
 	"golang.org/x/sys/unix"
 
-	"github.com/lxc/incus/internal/idmap"
 	internalInstance "github.com/lxc/incus/internal/instance"
 	"github.com/lxc/incus/internal/linux"
 	"github.com/lxc/incus/internal/revert"
@@ -31,6 +30,7 @@ import (
 	"github.com/lxc/incus/internal/server/warnings"
 	internalUtil "github.com/lxc/incus/internal/util"
 	"github.com/lxc/incus/shared/api"
+	"github.com/lxc/incus/shared/idmap"
 	"github.com/lxc/incus/shared/logger"
 	"github.com/lxc/incus/shared/subprocess"
 	"github.com/lxc/incus/shared/units"
diff --git a/internal/server/instance/drivers/driver_lxc.go b/internal/server/instance/drivers/driver_lxc.go
index f6db713f785..dada69fde61 100644
--- a/internal/server/instance/drivers/driver_lxc.go
+++ b/internal/server/instance/drivers/driver_lxc.go
@@ -34,7 +34,6 @@ import (
 	"google.golang.org/protobuf/proto"
 	yaml "gopkg.in/yaml.v2"
 
-	"github.com/lxc/incus/internal/idmap"
 	internalInstance "github.com/lxc/incus/internal/instance"
 	"github.com/lxc/incus/internal/instancewriter"
 	internalIO "github.com/lxc/incus/internal/io"
@@ -72,6 +71,7 @@ import (
 	localUtil "github.com/lxc/incus/internal/server/util"
 	internalUtil "github.com/lxc/incus/internal/util"
 	"github.com/lxc/incus/shared/api"
+	"github.com/lxc/incus/shared/idmap"
 	"github.com/lxc/incus/shared/logger"
 	"github.com/lxc/incus/shared/osarch"
 	"github.com/lxc/incus/shared/subprocess"
diff --git a/internal/server/instance/instance_interface.go b/internal/server/instance/instance_interface.go
index 04acc8ae94a..c09e6939540 100644
--- a/internal/server/instance/instance_interface.go
+++ b/internal/server/instance/instance_interface.go
@@ -12,7 +12,6 @@ import (
 	"github.com/pkg/sftp"
 	"google.golang.org/protobuf/proto"
 
-	"github.com/lxc/incus/internal/idmap"
 	"github.com/lxc/incus/internal/server/backup"
 	"github.com/lxc/incus/internal/server/cgroup"
 	"github.com/lxc/incus/internal/server/db"
@@ -22,6 +21,7 @@ import (
 	"github.com/lxc/incus/internal/server/metrics"
 	"github.com/lxc/incus/internal/server/operations"
 	"github.com/lxc/incus/shared/api"
+	"github.com/lxc/incus/shared/idmap"
 )
 
 // HookStart hook used when instance has started.
diff --git a/internal/server/instance/instance_utils.go b/internal/server/instance/instance_utils.go
index bae99927af8..a8a679dfaa6 100644
--- a/internal/server/instance/instance_utils.go
+++ b/internal/server/instance/instance_utils.go
@@ -19,7 +19,6 @@ import (
 	liblxc "github.com/lxc/go-lxc"
 
 	"github.com/lxc/incus/client"
-	"github.com/lxc/incus/internal/idmap"
 	"github.com/lxc/incus/internal/instance"
 	internalInstance "github.com/lxc/incus/internal/instance"
 	"github.com/lxc/incus/internal/migration"
@@ -37,6 +36,7 @@ import (
 	internalUtil "github.com/lxc/incus/internal/util"
 	"github.com/lxc/incus/internal/version"
 	"github.com/lxc/incus/shared/api"
+	"github.com/lxc/incus/shared/idmap"
 	"github.com/lxc/incus/shared/logger"
 	"github.com/lxc/incus/shared/osarch"
 	"github.com/lxc/incus/shared/util"
diff --git a/internal/server/project/permission_internal_test.go b/internal/server/project/permission_internal_test.go
index a32adba64b9..24f405d46eb 100644
--- a/internal/server/project/permission_internal_test.go
+++ b/internal/server/project/permission_internal_test.go
@@ -5,7 +5,7 @@ import (
 
 	"github.com/stretchr/testify/assert"
 
-	"github.com/lxc/incus/internal/idmap"
+	"github.com/lxc/incus/shared/idmap"
 )
 
 func TestParseHostIDMapRange(t *testing.T) {
diff --git a/internal/server/project/permissions.go b/internal/server/project/permissions.go
index 7d49312b5e6..0091e80519f 100644
--- a/internal/server/project/permissions.go
+++ b/internal/server/project/permissions.go
@@ -8,7 +8,6 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/lxc/incus/internal/idmap"
 	"github.com/lxc/incus/internal/instance"
 	"github.com/lxc/incus/internal/server/auth"
 	"github.com/lxc/incus/internal/server/db"
@@ -16,6 +15,7 @@ import (
 	deviceconfig "github.com/lxc/incus/internal/server/device/config"
 	"github.com/lxc/incus/internal/server/instance/instancetype"
 	"github.com/lxc/incus/shared/api"
+	"github.com/lxc/incus/shared/idmap"
 	"github.com/lxc/incus/shared/units"
 	"github.com/lxc/incus/shared/util"
 	"github.com/lxc/incus/shared/validate"
diff --git a/internal/server/seccomp/seccomp.go b/internal/server/seccomp/seccomp.go
index 6b54a677cdd..3c04209be8f 100644
--- a/internal/server/seccomp/seccomp.go
+++ b/internal/server/seccomp/seccomp.go
@@ -25,11 +25,11 @@ package seccomp
 #include <sys/types.h>
 #include <unistd.h>
 
-#include "../../cgo/incus_bpf.h"
-#include "../../cgo/incus_seccomp.h"
-#include "../../cgo/memory_utils.h"
-#include "../../cgo/process_utils.h"
-#include "../../cgo/syscall_wrappers.h"
+#include "../../../shared/cgo/incus_bpf.h"
+#include "../../../shared/cgo/incus_seccomp.h"
+#include "../../../shared/cgo/memory_utils.h"
+#include "../../../shared/cgo/process_utils.h"
+#include "../../../shared/cgo/syscall_wrappers.h"
 
 struct seccomp_notif_sizes expected_sizes;
 
@@ -460,8 +460,6 @@ import (
 	liblxc "github.com/lxc/go-lxc"
 	"golang.org/x/sys/unix"
 
-	_ "github.com/lxc/incus/internal/cgo" // Used by cgo
-	"github.com/lxc/incus/internal/idmap"
 	"github.com/lxc/incus/internal/linux"
 	"github.com/lxc/incus/internal/netutils"
 	"github.com/lxc/incus/internal/server/cgroup"
@@ -471,6 +469,8 @@ import (
 	localUtil "github.com/lxc/incus/internal/server/util"
 	internalUtil "github.com/lxc/incus/internal/util"
 	"github.com/lxc/incus/shared/api"
+	_ "github.com/lxc/incus/shared/cgo" // Used by cgo
+	"github.com/lxc/incus/shared/idmap"
 	"github.com/lxc/incus/shared/logger"
 	"github.com/lxc/incus/shared/osarch"
 	"github.com/lxc/incus/shared/subprocess"
diff --git a/internal/server/storage/drivers/utils.go b/internal/server/storage/drivers/utils.go
index 1b507ad7dc9..0bd2af04c49 100644
--- a/internal/server/storage/drivers/utils.go
+++ b/internal/server/storage/drivers/utils.go
@@ -13,12 +13,12 @@ import (
 
 	"golang.org/x/sys/unix"
 
-	"github.com/lxc/incus/internal/idmap"
 	internalInstance "github.com/lxc/incus/internal/instance"
 	"github.com/lxc/incus/internal/linux"
 	"github.com/lxc/incus/internal/server/operations"
 	internalUtil "github.com/lxc/incus/internal/util"
 	"github.com/lxc/incus/shared/api"
+	"github.com/lxc/incus/shared/idmap"
 	"github.com/lxc/incus/shared/logger"
 	"github.com/lxc/incus/shared/subprocess"
 	"github.com/lxc/incus/shared/util"
diff --git a/internal/server/sys/os.go b/internal/server/sys/os.go
index 48e32b7b9c6..15812c94fe3 100644
--- a/internal/server/sys/os.go
+++ b/internal/server/sys/os.go
@@ -11,13 +11,13 @@ import (
 	"sync"
 	"time"
 
-	"github.com/lxc/incus/internal/idmap"
 	"github.com/lxc/incus/internal/linux"
 	"github.com/lxc/incus/internal/server/cgroup"
 	"github.com/lxc/incus/internal/server/db/cluster"
 	localUtil "github.com/lxc/incus/internal/server/util"
 	internalUtil "github.com/lxc/incus/internal/util"
 	"github.com/lxc/incus/internal/version"
+	"github.com/lxc/incus/shared/idmap"
 	"github.com/lxc/incus/shared/logger"
 	"github.com/lxc/incus/shared/osarch"
 )
diff --git a/internal/cgo/compiler.h b/shared/cgo/compiler.h
similarity index 100%
rename from internal/cgo/compiler.h
rename to shared/cgo/compiler.h
diff --git a/internal/cgo/config.h b/shared/cgo/config.h
similarity index 100%
rename from internal/cgo/config.h
rename to shared/cgo/config.h
diff --git a/internal/cgo/dummy.go b/shared/cgo/dummy.go
similarity index 100%
rename from internal/cgo/dummy.go
rename to shared/cgo/dummy.go
diff --git a/internal/cgo/error_utils.h b/shared/cgo/error_utils.h
similarity index 100%
rename from internal/cgo/error_utils.h
rename to shared/cgo/error_utils.h
diff --git a/internal/cgo/file_utils.h b/shared/cgo/file_utils.h
similarity index 100%
rename from internal/cgo/file_utils.h
rename to shared/cgo/file_utils.h
diff --git a/internal/cgo/incus.h b/shared/cgo/incus.h
similarity index 100%
rename from internal/cgo/incus.h
rename to shared/cgo/incus.h
diff --git a/internal/cgo/incus_bpf.h b/shared/cgo/incus_bpf.h
similarity index 100%
rename from internal/cgo/incus_bpf.h
rename to shared/cgo/incus_bpf.h
diff --git a/internal/cgo/incus_bpf_common.h b/shared/cgo/incus_bpf_common.h
similarity index 100%
rename from internal/cgo/incus_bpf_common.h
rename to shared/cgo/incus_bpf_common.h
diff --git a/internal/cgo/incus_posix_acl_xattr.h b/shared/cgo/incus_posix_acl_xattr.h
similarity index 100%
rename from internal/cgo/incus_posix_acl_xattr.h
rename to shared/cgo/incus_posix_acl_xattr.h
diff --git a/internal/cgo/incus_seccomp.h b/shared/cgo/incus_seccomp.h
similarity index 100%
rename from internal/cgo/incus_seccomp.h
rename to shared/cgo/incus_seccomp.h
diff --git a/internal/cgo/macro.h b/shared/cgo/macro.h
similarity index 100%
rename from internal/cgo/macro.h
rename to shared/cgo/macro.h
diff --git a/internal/cgo/memory_utils.h b/shared/cgo/memory_utils.h
similarity index 100%
rename from internal/cgo/memory_utils.h
rename to shared/cgo/memory_utils.h
diff --git a/internal/cgo/mount_utils.h b/shared/cgo/mount_utils.h
similarity index 100%
rename from internal/cgo/mount_utils.h
rename to shared/cgo/mount_utils.h
diff --git a/internal/cgo/process_utils.h b/shared/cgo/process_utils.h
similarity index 100%
rename from internal/cgo/process_utils.h
rename to shared/cgo/process_utils.h
diff --git a/internal/cgo/syscall_numbers.h b/shared/cgo/syscall_numbers.h
similarity index 100%
rename from internal/cgo/syscall_numbers.h
rename to shared/cgo/syscall_numbers.h
diff --git a/internal/cgo/syscall_wrappers.h b/shared/cgo/syscall_wrappers.h
similarity index 100%
rename from internal/cgo/syscall_wrappers.h
rename to shared/cgo/syscall_wrappers.h
diff --git a/internal/idmap/cgo.go b/shared/idmap/cgo.go
similarity index 100%
rename from internal/idmap/cgo.go
rename to shared/idmap/cgo.go
diff --git a/internal/idmap/structs.go b/shared/idmap/idmap.go
similarity index 100%
rename from internal/idmap/structs.go
rename to shared/idmap/idmap.go
diff --git a/internal/idmap/idmapset_linux.go b/shared/idmap/idmapset_linux.go
similarity index 100%
rename from internal/idmap/idmapset_linux.go
rename to shared/idmap/idmapset_linux.go
diff --git a/internal/idmap/idmapset_linux_test.go b/shared/idmap/idmapset_linux_test.go
similarity index 100%
rename from internal/idmap/idmapset_linux_test.go
rename to shared/idmap/idmapset_linux_test.go
diff --git a/shared/idmap/idmapset_other.go b/shared/idmap/idmapset_other.go
new file mode 100644
index 00000000000..d12b21692e8
--- /dev/null
+++ b/shared/idmap/idmapset_other.go
@@ -0,0 +1,25 @@
+//go:build !linux || !cgo
+
+package idmap
+
+import (
+	"fmt"
+)
+
+// ErrNoIdmapSupport is an indicating that the host os does not support idmaps
+var ErrNoIdmapSupport = fmt.Errorf("No idmap support for non-linux hosts")
+
+// GetIdmapSet reads the uid/gid allocation.
+func GetIdmapSet() *IdmapSet {
+	return nil
+}
+
+// CurrentIdmapSet creates an idmap of the current allocation.
+func CurrentIdmapSet() (*IdmapSet, error) {
+	return nil, ErrNoIdmapSupport
+}
+
+// DefaultIdmapSet creates a new default idmap.
+func DefaultIdmapSet(rootfs string, username string) (*IdmapSet, error) {
+	return nil, ErrNoIdmapSupport
+}
diff --git a/shared/idmap/internal_linux.go b/shared/idmap/internal_linux.go
new file mode 100644
index 00000000000..2d0cdd77676
--- /dev/null
+++ b/shared/idmap/internal_linux.go
@@ -0,0 +1,63 @@
+//go:build linux && cgo
+
+package idmap
+
+import (
+	"errors"
+	"fmt"
+	"os"
+
+	"github.com/pkg/xattr"
+	"golang.org/x/sys/unix"
+)
+
+// The functions below are verbatim copies of the functions found in the internal package.
+// They have been copied here due to there not being a good place for
+// them in the shared package and because we have a policy not to import
+// anything from internal in one of our shared packages.
+
+// getAllXattr retrieves all extended attributes associated with a file, directory or symbolic link.
+func getAllXattr(path string) (map[string]string, error) {
+	xattrNames, err := xattr.LList(path)
+	if err != nil {
+		// Some filesystems don't support llistxattr() for various reasons.
+		// Interpret this as a set of no xattrs, instead of an error.
+		if errors.Is(err, unix.EOPNOTSUPP) {
+			return nil, nil
+		}
+
+		return nil, fmt.Errorf("Failed getting extended attributes from %q: %w", path, err)
+	}
+
+	var xattrs = make(map[string]string, len(xattrNames))
+	for _, xattrName := range xattrNames {
+		value, err := xattr.LGet(path, xattrName)
+		if err != nil {
+			return nil, fmt.Errorf("Failed getting %q extended attribute from %q: %w", xattrName, path, err)
+		}
+
+		xattrs[xattrName] = string(value)
+	}
+
+	return xattrs, nil
+}
+
+// getErrno checks if the Go error is a kernel errno.
+func getErrno(err error) (errno error, iserrno bool) {
+	sysErr, ok := err.(*os.SyscallError)
+	if ok {
+		return sysErr.Err, true
+	}
+
+	pathErr, ok := err.(*os.PathError)
+	if ok {
+		return pathErr.Err, true
+	}
+
+	tmpErrno, ok := err.(unix.Errno)
+	if ok {
+		return tmpErrno, true
+	}
+
+	return nil, false
+}
diff --git a/internal/idmap/parse_linux.go b/shared/idmap/parse_linux.go
similarity index 100%
rename from internal/idmap/parse_linux.go
rename to shared/idmap/parse_linux.go
diff --git a/internal/idmap/shift_linux.go b/shared/idmap/shift_linux.go
similarity index 97%
rename from internal/idmap/shift_linux.go
rename to shared/idmap/shift_linux.go
index 118b9050aaa..8d157bf5929 100644
--- a/internal/idmap/shift_linux.go
+++ b/shared/idmap/shift_linux.go
@@ -20,12 +20,12 @@ package idmap
 #include <sys/stat.h>
 #include <sys/types.h>
 
-#include "../cgo/incus_posix_acl_xattr.h"
-#include "../cgo/memory_utils.h"
-#include "../cgo/mount_utils.h"
-#include "../cgo/process_utils.h"
-#include "../cgo/syscall_numbers.h"
-#include "../cgo/syscall_wrappers.h"
+#include "../../shared/cgo/incus_posix_acl_xattr.h"
+#include "../../shared/cgo/memory_utils.h"
+#include "../../shared/cgo/mount_utils.h"
+#include "../../shared/cgo/process_utils.h"
+#include "../../shared/cgo/syscall_numbers.h"
+#include "../../shared/cgo/syscall_wrappers.h"
 
 // Needs to be included at the end
 #include <sys/acl.h>
@@ -348,8 +348,7 @@ import (
 
 	"golang.org/x/sys/unix"
 
-	_ "github.com/lxc/incus/internal/cgo" // Used by cgo
-	"github.com/lxc/incus/internal/linux"
+	_ "github.com/lxc/incus/shared/cgo" // Used by cgo
 	"github.com/lxc/incus/shared/logger"
 )
 
@@ -371,7 +370,7 @@ func ShiftOwner(basepath string, path string, uid int, gid int) error {
 
 // GetCaps extracts the list of capabilities effective on the file
 func GetCaps(path string) ([]byte, error) {
-	xattrs, err := linux.GetAllXattr(path)
+	xattrs, err := getAllXattr(path)
 	if err != nil {
 		return nil, err
 	}
@@ -512,7 +511,7 @@ func SupportsVFS3Fscaps(prefix string) bool {
 	cmd := exec.Command(tmpfile.Name())
 	err = cmd.Run()
 	if err != nil {
-		errno, isErrno := linux.GetErrno(err)
+		errno, isErrno := getErrno(err)
 		if isErrno && (errno == unix.ERANGE || errno == unix.EOVERFLOW) {
 			return false
 		}