diff --git a/build/components/versions.yml b/build/components/versions.yml
index bc56ce54b2..f8bd000088 100644
--- a/build/components/versions.yml
+++ b/build/components/versions.yml
@@ -31,6 +31,7 @@ package:
   libcap-ng: v0.8.5
   libcapstone: 4.0.2
   libcurl: curl-8_14_1
+  libfuse2: fuse-2.9.9
   libfuse3: fuse-3.16.2
   libffi: v3.5.2
   libgcrypt: libgcrypt-1.10.2
diff --git a/images/packages/libfuse2/README.md b/images/packages/libfuse2/README.md
new file mode 100644
index 0000000000..f87a8b62a6
--- /dev/null
+++ b/images/packages/libfuse2/README.md
@@ -0,0 +1,32 @@
+# libfuse2
+└── [drwxr-xr-x     6]  usr
+    ├── [drwxr-xr-x     4]  bin
+    │   ├── [-rwsr-xr-x   35K]  fusermount
+    │   └── [-rwxr-xr-x   15K]  ulockmgr_server
+    ├── [drwxr-xr-x     5]  include
+    │   ├── [drwxr-xr-x    10]  fuse
+    │   │   ├── [-rw-r--r--  2.5K]  cuse_lowlevel.h
+    │   │   ├── [-rw-r--r--   34K]  fuse.h
+    │   │   ├── [-rw-r--r--   12K]  fuse_common.h
+    │   │   ├── [-rw-r--r--   714]  fuse_common_compat.h
+    │   │   ├── [-rw-r--r--  7.8K]  fuse_compat.h
+    │   │   ├── [-rw-r--r--   52K]  fuse_lowlevel.h
+    │   │   ├── [-rw-r--r--  6.7K]  fuse_lowlevel_compat.h
+    │   │   └── [-rw-r--r--  7.3K]  fuse_opt.h
+    │   ├── [-rw-r--r--   246]  fuse.h
+    │   └── [-rw-r--r--   679]  ulockmgr.h
+    ├── [drwxr-xr-x    11]  lib64
+    │   ├── [-rwxr-xr-x   913]  libfuse.la
+    │   ├── [lrwxrwxrwx    16]  libfuse.so -> libfuse.so.2.9.9
+    │   ├── [lrwxrwxrwx    16]  libfuse.so.2 -> libfuse.so.2.9.9
+    │   ├── [-rwxr-xr-x  256K]  libfuse.so.2.9.9
+    │   ├── [-rwxr-xr-x   936]  libulockmgr.la
+    │   ├── [lrwxrwxrwx    20]  libulockmgr.so -> libulockmgr.so.1.0.1
+    │   ├── [lrwxrwxrwx    20]  libulockmgr.so.1 -> libulockmgr.so.1.0.1
+    │   ├── [-rwxr-xr-x   14K]  libulockmgr.so.1.0.1
+    │   └── [drwxr-xr-x     3]  pkgconfig
+    │       └── [-rw-r--r--   247]  fuse.pc
+    └── [drwxr-xr-x     3]  sbin
+        └── [-rwxr-xr-x   15K]  mount.fuse
+
+8 directories, 22 files
\ No newline at end of file
diff --git a/images/packages/libfuse2/patches/001-util-ulockmgr_server-c-conditionally-define-closefrom-fix-glibc-2-34.patch b/images/packages/libfuse2/patches/001-util-ulockmgr_server-c-conditionally-define-closefrom-fix-glibc-2-34.patch
new file mode 100644
index 0000000000..030bdd4b0e
--- /dev/null
+++ b/images/packages/libfuse2/patches/001-util-ulockmgr_server-c-conditionally-define-closefrom-fix-glibc-2-34.patch
@@ -0,0 +1,43 @@
+diff --git a/configure.ac b/configure.ac
+index 9946a0efa..a2d481aa9 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -55,6 +55,7 @@ fi
+
+ AC_CHECK_FUNCS([fork setxattr fdatasync splice vmsplice utimensat])
+ AC_CHECK_FUNCS([posix_fallocate])
++AC_CHECK_FUNCS([closefrom])
+ AC_CHECK_MEMBERS([struct stat.st_atim])
+ AC_CHECK_MEMBERS([struct stat.st_atimespec])
+
+diff --git a/util/ulockmgr_server.c b/util/ulockmgr_server.c
+index 273c7d923..a04dac5c6 100644
+--- a/util/ulockmgr_server.c
++++ b/util/ulockmgr_server.c
+@@ -22,6 +22,10 @@
+ #include <sys/socket.h>
+ #include <sys/wait.h>
+
++#ifdef HAVE_CONFIG_H
++	#include "config.h"
++#endif
++
+ struct message {
+ 	unsigned intr : 1;
+ 	unsigned nofd : 1;
+@@ -124,6 +128,7 @@ static int receive_message(int sock, void *buf, size_t buflen, int *fdp,
+ 	return res;
+ }
+
++#if !defined(HAVE_CLOSEFROM)
+ static int closefrom(int minfd)
+ {
+ 	DIR *dir = opendir("/proc/self/fd");
+@@ -141,6 +146,7 @@ static int closefrom(int minfd)
+ 	}
+ 	return 0;
+ }
++#endif
+
+ static void send_reply(int cfd, struct message *msg)
+ {
diff --git a/images/packages/libfuse2/patches/README.md b/images/packages/libfuse2/patches/README.md
new file mode 100644
index 0000000000..24a253970a
--- /dev/null
+++ b/images/packages/libfuse2/patches/README.md
@@ -0,0 +1,6 @@
+# 001-util-ulockmgr_server-c-conditionally-define-closefrom-fix-glibc-2-34.patch
+closefrom(3) has joined us in glibc-land from *BSD and Solaris. Since
+it's available in glibc 2.34+, we want to detect it and only define our
+fallback if the libc doesn't provide it.
+https://github.com/libfuse/libfuse/commit/5a43d0f724c56f8836f3f92411e0de1b5f82db32]
+https://bugs.gentoo.org/803923
\ No newline at end of file
diff --git a/images/packages/libfuse2/werf.inc.yaml b/images/packages/libfuse2/werf.inc.yaml
new file mode 100644
index 0000000000..eb02c63ff1
--- /dev/null
+++ b/images/packages/libfuse2/werf.inc.yaml
@@ -0,0 +1,112 @@
+---
+{{- $name := print $.ImageName "-dependencies" -}}
+{{- define "$name" -}}
+altPackages:
+- gcc git
+- make autoconf automake libtool pkgconfig
+- gettext-tools
+- tree
+packages:
+- systemd
+{{- end -}}
+
+{{- $builderDependencies := include "$name" . | fromYaml }}
+
+{{- $version := get .PackageVersion .ImageName }}
+{{- $gitRepoUrl := "libfuse/libfuse.git" }}
+
+image: {{ .ModuleNamePrefix }}{{ .PackagePath }}/{{ .ImageName }}
+final: false
+fromImage: builder/scratch
+import:
+- image: {{ .ModuleNamePrefix }}{{ .PackagePath }}/{{ .ImageName }}-builder
+  add: /out
+  to: /{{ .ImageName }}
+  before: setup
+
+---
+image: {{ .ModuleNamePrefix }}{{ .PackagePath }}/{{ .ImageName }}-src-artifact
+final: false
+fromImage: builder/src
+secrets:
+- id: SOURCE_REPO
+  value: {{ $.SOURCE_REPO_GIT }}
+git:
+- add: {{ .ModuleDir }}/images/packages/{{ .ImageName }}
+  to: /
+  includePaths:
+  - patches
+  stageDependencies:
+    install:
+      - '**/*'
+shell:
+  install:
+  - |
+    git clone --depth=1 $(cat /run/secrets/SOURCE_REPO)/{{ $gitRepoUrl }} --branch {{ $version }} /src
+    cd /src
+    for p in /patches/*.patch ; do
+      echo -n "Apply ${p} ... "
+      git apply --ignore-space-change --ignore-whitespace ${p} && echo OK || (echo FAIL ; exit 1)
+    done
+
+
+---
+image: {{ .ModuleNamePrefix }}{{ .PackagePath }}/{{ .ImageName }}-builder
+final: false
+fromImage: builder/alt
+import:
+- image: {{ .ModuleNamePrefix }}{{ .PackagePath }}/{{ .ImageName }}-src-artifact
+  add: /src
+  to: /src
+  before: install
+{{- include "importPackageImages" (list . $builderDependencies.packages "install") -}}
+secrets:
+- id: SOURCE_REPO
+  value: {{ $.SOURCE_REPO_GIT }}
+shell:
+  beforeInstall:
+  {{- include "alt packages proxy" . | nindent 2 }}
+  - |
+    apt-get install -y \
+      {{ $builderDependencies.altPackages | join " " }}
+
+  {{- include "alt packages clean" . | nindent 2 }}
+
+  install:
+  - |
+    # Install packages
+    PKGS="{{ $builderDependencies.packages | join " " }}"
+    for pkg in $PKGS; do
+      cp -a /$pkg/. /
+      rm -rf /$pkg
+    done
+
+    OUTDIR=/out
+
+    cd /src
+
+    cp /usr/share/gettext/config.rpath .
+    autoreconf -if
+    ./configure \
+      --prefix=/usr \
+      --sbindir=/usr/sbin \
+      --libdir=/usr/lib64 \
+      --enable-lib \
+      --enable-util \
+      --disable-static
+
+    make -j$(nproc)
+    make DESTDIR=$OUTDIR install
+
+    find $OUTDIR -type f -executable | while read -r execfile; do
+    if strip "$execfile"; then
+      echo "Stripped: $execfile"
+    fi
+    done
+
+    rm -rf /out/usr/share
+    rm -rf /out/dev
+    rm -rf /out/etc
+    mv $OUTDIR/sbin $OUTDIR/usr/sbin
+
+    tree -hp /out
diff --git a/images/virt-launcher/werf.inc.yaml b/images/virt-launcher/werf.inc.yaml
index 213551c9f5..fc98fe7205 100644
--- a/images/virt-launcher/werf.inc.yaml
+++ b/images/virt-launcher/werf.inc.yaml
@@ -76,7 +76,6 @@ altLibs:
   - psmisc
   - msulogin
   - strace
-  - libfuse
 binaries:
   # Gnu utils (requared for swtpm)
   - /usr/bin/certtool
@@ -102,7 +101,7 @@ packages:
 - swtpm libtpms numactl dmidecode
 - libisoburn libburn libattr libaudit
 - gnutls acl libbsd libgcrypt libmd
-- util-linux libfuse3 nettle libgsasl
+- util-linux libfuse3 libfuse2 nettle libgsasl
 - libnbd libcap-ng libcapstone libcurl
 - libjson-c5 keyutils libisofs
 - zlib zstd p11-kit