diff --git a/nixos/tests/incus/container.nix b/nixos/tests/incus/container.nix
index 2d3fa49e5bd1..2fa1709c7484 100644
--- a/nixos/tests/incus/container.nix
+++ b/nixos/tests/incus/container.nix
@@ -56,6 +56,10 @@ in
           retry(instance_is_up)
         machine.succeed("echo true | incus exec container /run/current-system/sw/bin/bash -")
 
+    with subtest("Container mounts lxcfs overlays"):
+        machine.succeed("incus exec container mount | grep 'lxcfs on /proc/cpuinfo type fuse.lxcfs'")
+        machine.succeed("incus exec container mount | grep 'lxcfs on /proc/meminfo type fuse.lxcfs'")
+
     with subtest("Container CPU limits can be managed"):
         set_container("limits.cpu 1")
         cpuinfo = machine.succeed("incus exec container grep -- -c ^processor /proc/cpuinfo").strip()
diff --git a/pkgs/os-specific/linux/lxcfs/default.nix b/pkgs/os-specific/linux/lxcfs/default.nix
index 28777d36e6be..ee923786c295 100644
--- a/pkgs/os-specific/linux/lxcfs/default.nix
+++ b/pkgs/os-specific/linux/lxcfs/default.nix
@@ -1,41 +1,58 @@
-{ config, lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, help2man, fuse
-, util-linux, makeWrapper
-, enableDebugBuild ? config.lxcfs.enableDebugBuild or false }:
+{
+  lib,
+  stdenv,
+  fetchFromGitHub,
+  fuse3,
+  help2man,
+  makeWrapper,
+  meson,
+  ninja,
+  nixosTests,
+  pkg-config,
+  python3,
+  util-linux,
+}:
 
 stdenv.mkDerivation rec {
   pname = "lxcfs";
-  version = "4.0.12";
+  version = "5.0.4";
 
   src = fetchFromGitHub {
     owner = "lxc";
     repo = "lxcfs";
     rev = "lxcfs-${version}";
-    sha256 = "sha256-+wp29GD+toXGfQbPGYbDJ7/P+FY1uQY4uK3OQxTE9GM=";
+    sha256 = "sha256-vusxbFV7cnQVBOOo7E+fSyaE63f5QiE2xZhYavc8jJU=";
   };
 
-  postPatch = ''
-    sed -i -e '1i #include <sys/pidfd.h>' src/bindings.c
-  '';
+  patches = [
+    # skip RPM spec generation
+    ./no-spec.patch
 
-  nativeBuildInputs = [ pkg-config help2man autoreconfHook makeWrapper ];
-  buildInputs = [ fuse ];
+    # skip installing systemd files
+    ./skip-init.patch
 
-  preConfigure = lib.optionalString enableDebugBuild ''
-    sed -i 's,#AM_CFLAGS += -DDEBUG,AM_CFLAGS += -DDEBUG,' Makefile.am
-  '';
-
-  configureFlags = [
-    "--with-init-script=systemd"
-    "--sysconfdir=/etc"
-    "--localstatedir=/var"
+    # fix pidfd checks and include
+    ./pidfd.patch
   ];
 
-  installFlags = [ "SYSTEMD_UNIT_DIR=\${out}/lib/systemd" ];
+
+  nativeBuildInputs = [
+    meson
+    help2man
+    makeWrapper
+    ninja
+    (python3.withPackages (p: [ p.jinja2 ]))
+    pkg-config
+  ];
+  buildInputs = [ fuse3 ];
+
+  preConfigure = ''
+    patchShebangs tools/
+  '';
 
   postInstall = ''
     # `mount` hook requires access to the `mount` command from `util-linux`:
-    wrapProgram "$out/share/lxcfs/lxc.mount.hook" \
-      --prefix PATH : "${util-linux}/bin"
+    wrapProgram "$out/share/lxcfs/lxc.mount.hook" --prefix PATH : "${util-linux}/bin"
   '';
 
   postFixup = ''
@@ -43,6 +60,10 @@ stdenv.mkDerivation rec {
     patchelf --set-rpath "$(patchelf --print-rpath "$out/bin/lxcfs"):$out/lib" "$out/bin/lxcfs"
   '';
 
+  passthru.tests = {
+    incus-container = nixosTests.incus.container;
+  };
+
   meta = {
     description = "FUSE filesystem for LXC";
     homepage = "https://linuxcontainers.org/lxcfs";
diff --git a/pkgs/os-specific/linux/lxcfs/no-spec.patch b/pkgs/os-specific/linux/lxcfs/no-spec.patch
new file mode 100644
index 000000000000..ead4bfcf80f7
--- /dev/null
+++ b/pkgs/os-specific/linux/lxcfs/no-spec.patch
@@ -0,0 +1,24 @@
+diff --git a/meson.build b/meson.build
+index a0289ad..93fc61a 100644
+--- a/meson.build
++++ b/meson.build
+@@ -253,19 +253,6 @@ if want_tests == true
+         c_args: '-DRELOADTEST -DDEBUG')
+ endif
+ 
+-# RPM spec.
+-lxcfs_spec = custom_target(
+-    'lxcfs.spec',
+-    build_by_default: true,
+-    input: 'lxcfs.spec.in',
+-    output: 'lxcfs.spec',
+-    command: [
+-        meson_render_jinja2,
+-        config_h,
+-        '@INPUT@',
+-        '@OUTPUT@',
+-    ])
+-
+ # Man pages
+ if want_docs == true
+     help2man = find_program('help2man')
diff --git a/pkgs/os-specific/linux/lxcfs/pidfd.patch b/pkgs/os-specific/linux/lxcfs/pidfd.patch
new file mode 100644
index 000000000000..3d9b6faa57f9
--- /dev/null
+++ b/pkgs/os-specific/linux/lxcfs/pidfd.patch
@@ -0,0 +1,29 @@
+diff --git a/meson.build b/meson.build
+index a0289ad..211b01b 100644
+--- a/meson.build
++++ b/meson.build
+@@ -134,11 +134,13 @@ foreach ident: [
+      '''#include <stdlib.h>
+         #include <unistd.h>
+         #include <signal.h>
++        #include <sys/pidfd.h>
+         #include <sys/wait.h>'''],
+     ['pidfd_open',
+      '''#include <stdlib.h>
+         #include <unistd.h>
+         #include <signal.h>
++        #include <sys/pidfd.h>
+         #include <sys/wait.h>'''],
+ ]
+     have = cc.has_function(ident[0], prefix: ident[1], args: '-D_GNU_SOURCE')
+diff --git a/src/bindings.c b/src/bindings.c
+index 13259c1..e760330 100644
+--- a/src/bindings.c
++++ b/src/bindings.c
+@@ -1,5 +1,6 @@
+ /* SPDX-License-Identifier: LGPL-2.1+ */
+ 
++#include <sys/pidfd.h>
+ #include "config.h"
+ 
+ #include <dirent.h>
diff --git a/pkgs/os-specific/linux/lxcfs/skip-init.patch b/pkgs/os-specific/linux/lxcfs/skip-init.patch
new file mode 100644
index 000000000000..6e7cdc90d706
--- /dev/null
+++ b/pkgs/os-specific/linux/lxcfs/skip-init.patch
@@ -0,0 +1,12 @@
+diff --git a/meson.build b/meson.build
+index a0289ad..10c0a28 100644
+--- a/meson.build
++++ b/meson.build
+@@ -285,7 +285,6 @@ endif
+ 
+ 
+ # Include sub-directories.
+-subdir('config/init')
+ subdir('share')
+ subdir('tests')
+