diff -Nru lxc-0.8.0~rc1/debian/apparmor/abstractions-lxc-container-base lxc-0.8.0~rc1/debian/apparmor/abstractions-lxc-container-base
--- lxc-0.8.0~rc1/debian/apparmor/abstractions-lxc-container-base	2012-10-24 16:10:12.000000000 +0000
+++ lxc-0.8.0~rc1/debian/apparmor/abstractions-lxc-container-base	2013-02-07 19:27:22.000000000 +0000
@@ -18,10 +18,13 @@
   # allow bind mount of /lib/init/fstab for lxcguest
   mount options=(rw, bind) /lib/init/fstab.lxc/ -> /lib/init/fstab/,
 
-  # deny writes in /proc/sys/fs but allow fusectl to be mounted
+  # deny writes in /proc/sys/fs but allow binfmt_misc to be mounted
   mount fstype=binfmt_misc -> /proc/sys/fs/binfmt_misc/,
   deny @{PROC}/sys/fs/** wklx,
 
+  # allow efivars to be mounted, writing to it will be blocked though
+  mount fstype=efivarfs -> /sys/firmware/efi/efivars/,
+
   # block some other dangerous paths
   deny @{PROC}/sysrq-trigger rwklx,
   deny @{PROC}/mem rwklx,
@@ -42,3 +45,4 @@
   deny /sys/fs/[^c]*/** wklx,
   deny /sys/fs/c[^g]*/** wklx,
   deny /sys/fs/cg[^r]*/** wklx,
+  deny /sys/firmware/efi/efivars/** rwklx,
diff -Nru lxc-0.8.0~rc1/debian/changelog lxc-0.8.0~rc1/debian/changelog
--- lxc-0.8.0~rc1/debian/changelog	2012-11-28 10:06:56.000000000 +0000
+++ lxc-0.8.0~rc1/debian/changelog	2013-02-28 15:12:53.000000000 +0000
@@ -1,8 +1,36 @@
-lxc (0.8.0~rc1-4ubuntu38~ubuntu12.04.1) precise-backports; urgency=low
+lxc (0.8.0~rc1-4ubuntu39.12.10.2~ubuntu12.04.1) precise-backports; urgency=low
 
-  * No-change backport to precise (LP: #1082426)
+  * No-change backport to precise
 
- -- Iain Lane <iain@orangesquash.org.uk>  Wed, 28 Nov 2012 10:06:56 +0000
+ -- Scott Kitterman <scott@kitterman.com>  Thu, 28 Feb 2013 10:12:53 -0500
+
+lxc (0.8.0~rc1-4ubuntu39.12.10.2) quantal-proposed; urgency=low
+
+  * Don't directly write/remove /etc/dnsmasq.d/lxc as that's causing problems
+    when removing and reinstalling lxc.
+    Instead have dnsmasq ship /etc/dnsmasq.d-available/lxc and create/remove
+    a symlink in /etc/dnsmasq.d/. (LP: #1113821)
+  * Allow the container to mount efivars on /sys/firmware/efi/efivars.
+    efivars is automatically mounted by mountall on UEFI systems, failure to
+    do so leads to a complete boot failure. (LP: #1117589)
+
+ -- Stéphane Graber <stgraber@ubuntu.com>  Thu, 07 Feb 2013 14:26:22 -0500
+
+lxc (0.8.0~rc1-4ubuntu39.12.10.1) quantal-proposed; urgency=low
+
+  * 0228-ignore-kmsg-setup-failure: ignore failure to set up kmsg, since that
+    is not critical. (LP: #1097312)
+
+ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 08 Jan 2013 10:25:43 -0600
+
+lxc (0.8.0~rc1-4ubuntu39) quantal-proposed; urgency=low
+
+  * 0227-ubuntu-cloud-parsing: fix some option parsing bugs in ubuntu-cloud
+    template (LP: #1076031)
+  * 0229-lxc-clone-mount-fix: fix wrong handling of lxc.mount entries in
+    lxc-clone.  (LP: #1084089)
+
+ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 29 Nov 2012 12:45:19 -0600
 
 lxc (0.8.0~rc1-4ubuntu38) quantal-proposed; urgency=low
 
diff -Nru lxc-0.8.0~rc1/debian/lxc.dnsmasq lxc-0.8.0~rc1/debian/lxc.dnsmasq
--- lxc-0.8.0~rc1/debian/lxc.dnsmasq	2012-10-24 16:10:12.000000000 +0000
+++ lxc-0.8.0~rc1/debian/lxc.dnsmasq	2013-02-07 19:28:36.000000000 +0000
@@ -1,2 +1,5 @@
+# Tell any system-wide dnsmasq instance to make sure to bind to interfaces
+# instead of listening on 0.0.0.0
+# WARNING: changes to this file will get lost if lxc is removed.
 bind-interfaces
 except-interface=lxcbr0
diff -Nru lxc-0.8.0~rc1/debian/lxc.maintscript lxc-0.8.0~rc1/debian/lxc.maintscript
--- lxc-0.8.0~rc1/debian/lxc.maintscript	2012-10-24 16:10:12.000000000 +0000
+++ lxc-0.8.0~rc1/debian/lxc.maintscript	2013-02-07 19:29:33.000000000 +0000
@@ -1,2 +1,3 @@
 mv_conffile /etc/apparmor.d/abstractions/lxc-container-default /etc/apparmor.d/abstractions/lxc/container-base 0.8.0~rc1-4ubuntu18 lxc
 mv_conffile /etc/apparmor.d/abstractions/lxc-start-container /etc/apparmor.d/abstractions/lxc/start-container 0.8.0~rc1-4ubuntu18 lxc
+mv_conffile /etc/dnsmasq.d/lxc /etc/dnsmasq.d-available/lxc 0.8.0~rc1-4ubuntu39.12.10.1 lxc
diff -Nru lxc-0.8.0~rc1/debian/lxc.postinst lxc-0.8.0~rc1/debian/lxc.postinst
--- lxc-0.8.0~rc1/debian/lxc.postinst	2012-10-24 16:10:12.000000000 +0000
+++ lxc-0.8.0~rc1/debian/lxc.postinst	2013-02-08 21:28:48.000000000 +0000
@@ -53,9 +53,6 @@
     configure)
         add_users
         apparmor_load
-
-        # Try to restart a potential system wide dnsmasq
-        invoke-rc.d dnsmasq restart 2>/dev/null || true
     ;;
 
     abort-upgrade|abort-remove|abort-deconfigure)
@@ -72,4 +69,19 @@
 
 #DEBHELPER#
 
+# We need this after the debhelper generated code so that dpkg-maintscript
+# can do its renamming first.
+if [ "$1" = "configure" ]; then
+    # Configure dnsmasq
+    if [ -f /etc/dnsmasq.d-available/lxc ]; then
+        echo "Setting up lxc dnsmasq configuration."
+        mkdir -p /etc/dnsmasq.d
+        if [ ! -e /etc/dnsmasq.d/lxc ]; then
+            ln -s /etc/dnsmasq.d-available/lxc /etc/dnsmasq.d/lxc
+        fi
+
+        # Try to restart a potential system wide dnsmasq
+        invoke-rc.d dnsmasq restart 2>/dev/null || true
+    fi
+fi
 exit 0
diff -Nru lxc-0.8.0~rc1/debian/lxc.postrm lxc-0.8.0~rc1/debian/lxc.postrm
--- lxc-0.8.0~rc1/debian/lxc.postrm	2012-10-24 16:10:12.000000000 +0000
+++ lxc-0.8.0~rc1/debian/lxc.postrm	2013-02-07 19:28:36.000000000 +0000
@@ -21,10 +21,13 @@
 
 case "$1" in
     remove)
-        rm -f /etc/dnsmasq.d/lxc 2>/dev/null || true
-
-        # Try to restart a potential system wide dnsmasq
-        invoke-rc.d dnsmasq restart 2>/dev/null || true
+        if [ -L /etc/dnsmasq.d/lxc ]; then
+            echo "Removing lxc dnsmasq configuration"
+            rm -f /etc/dnsmasq.d/lxc 2>/dev/null || true
+
+            # Try to restart a potential system wide dnsmasq
+            invoke-rc.d dnsmasq restart 2>/dev/null || true
+        fi
     ;;
     purge|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
     ;;
diff -Nru lxc-0.8.0~rc1/debian/patches/0227-ubuntu-cloud-parsing lxc-0.8.0~rc1/debian/patches/0227-ubuntu-cloud-parsing
--- lxc-0.8.0~rc1/debian/patches/0227-ubuntu-cloud-parsing	1970-01-01 00:00:00.000000000 +0000
+++ lxc-0.8.0~rc1/debian/patches/0227-ubuntu-cloud-parsing	2012-11-29 18:45:02.000000000 +0000
@@ -0,0 +1,29 @@
+Description: fix lxc-ubuntu-cloud option parsing bugs
+ the -u shortopt matching --userdata was not specified, and when -L
+ is found, there is no optarg so shift 1 not 2.
+Author: Serge Hallyn <serge.hallyn@ubuntu.com>
+Ubuntu-bug: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1076031
+Forwarded: yes
+
+Index: lxc/templates/lxc-ubuntu-cloud.in
+===================================================================
+--- lxc.orig/templates/lxc-ubuntu-cloud.in	2012-11-26 10:12:13.063703856 -0600
++++ lxc/templates/lxc-ubuntu-cloud.in	2012-11-26 10:23:17.435679618 -0600
+@@ -131,7 +131,7 @@
+     return 0
+ }
+ 
+-options=$(getopt -o a:hp:r:n:Fi:CLS:T:ds: -l arch:,help,path:,release:,name:,flush-cache,hostid:,auth-key:,cloud,no_locales,tarball:,debug,stream:,userdata: -- "$@")
++options=$(getopt -o a:hp:r:n:Fi:CLS:T:ds:u: -l arch:,help,path:,release:,name:,flush-cache,hostid:,auth-key:,cloud,no_locales,tarball:,debug,stream:,userdata: -- "$@")
+ if [ $? -ne 0 ]; then
+     usage $(basename $0)
+     exit 1
+@@ -189,7 +189,7 @@
+     -u|--userdata)     userdata=$2; shift 2;;
+     -C|--cloud)        cloud=1; shift 1;;
+     -S|--auth-key)     auth_key=$2; shift 2;;
+-    -L|--no_locales)   locales=0; shift 2;;
++    -L|--no_locales)   locales=0; shift 1;;
+     -T|--tarball)      tarball=$2; shift 2;;
+     -d|--debug)        debug=1; shift 1;;
+     -s|--stream)       stream=$2; shift 2;;
diff -Nru lxc-0.8.0~rc1/debian/patches/0228-ignore-kmsg-setup-failure lxc-0.8.0~rc1/debian/patches/0228-ignore-kmsg-setup-failure
--- lxc-0.8.0~rc1/debian/patches/0228-ignore-kmsg-setup-failure	1970-01-01 00:00:00.000000000 +0000
+++ lxc-0.8.0~rc1/debian/patches/0228-ignore-kmsg-setup-failure	2013-01-08 16:25:37.000000000 +0000
@@ -0,0 +1,23 @@
+Description: don't fail if /dev/kmsg isn't set up
+ It's not crucial, and containers can be set up with ro root which will
+ prevent it from working anywa.
+ Note - this is already in the github staging tree.
+Author: Serge Hallyn <serge.hallyn@ubuntu.com>
+Forwarded: no
+
+Index: lxc-0.8.0~rc1/src/lxc/conf.c
+===================================================================
+--- lxc-0.8.0~rc1.orig/src/lxc/conf.c	2013-01-08 10:25:34.376389708 -0600
++++ lxc-0.8.0~rc1/src/lxc/conf.c	2013-01-08 10:25:34.368389710 -0600
+@@ -2232,10 +2232,8 @@
+ 		return -1;
+ 	}
+ 
+-	if (setup_kmsg(&lxc_conf->rootfs, &lxc_conf->console)) {
++	if (setup_kmsg(&lxc_conf->rootfs, &lxc_conf->console)) // don't fail
+ 		ERROR("failed to setup kmsg for '%s'", name);
+-		return -1;
+-	}
+ 
+ 	if (setup_tty(&lxc_conf->rootfs, &lxc_conf->tty_info, lxc_conf->ttydir)) {
+ 		ERROR("failed to setup the ttys for '%s'", name);
diff -Nru lxc-0.8.0~rc1/debian/patches/0229-lxc-clone-mount-fix lxc-0.8.0~rc1/debian/patches/0229-lxc-clone-mount-fix
--- lxc-0.8.0~rc1/debian/patches/0229-lxc-clone-mount-fix	1970-01-01 00:00:00.000000000 +0000
+++ lxc-0.8.0~rc1/debian/patches/0229-lxc-clone-mount-fix	2012-11-29 18:45:06.000000000 +0000
@@ -0,0 +1,22 @@
+Description: lxc-clone: fix wrong handling of lxc.mount
+ We can't simply search on and remove 'lxc.mount' entries, as those will
+ also hit lxc.mount.entry entries.  Look for 'lxc.mount[ \t]' instead.
+ This cherrypicks an upstream fix for lxc-clone, so does not need to be
+ forwarded upstream.
+Author: Serge Hallyn <serge.hallyn@ubuntu.com>
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1084089
+Forwarded: no
+
+Index: lxc/src/lxc/lxc-clone.in
+===================================================================
+--- lxc.orig/src/lxc/lxc-clone.in	2012-11-26 16:52:52.161010000 -0600
++++ lxc/src/lxc/lxc-clone.in	2012-11-28 10:47:07.365481892 -0600
+@@ -180,7 +180,7 @@
+ sed -i '/lxc.utsname/d' $lxc_path/$lxc_new/config
+ echo "lxc.utsname = $hostname" >> $lxc_path/$lxc_new/config
+ 
+-grep "lxc.mount" $lxc_path/$lxc_new/config >/dev/null 2>&1 && { sed -i '/lxc.mount/d' $lxc_path/$lxc_new/config; echo "lxc.mount = $lxc_path/$lxc_new/fstab" >> $lxc_path/$lxc_new/config; }
++grep "lxc.mount[ \t]" $lxc_path/$lxc_new/config >/dev/null 2>&1 && { sed -i '/lxc.mount[ \t]/d' $lxc_path/$lxc_new/config; echo "lxc.mount = $lxc_path/$lxc_new/fstab" >> $lxc_path/$lxc_new/config; }
+ 
+ if [ -e  $lxc_path/$lxc_orig/fstab ];then
+     cp $lxc_path/$lxc_orig/fstab $lxc_path/$lxc_new/fstab
diff -Nru lxc-0.8.0~rc1/debian/patches/series lxc-0.8.0~rc1/debian/patches/series
--- lxc-0.8.0~rc1/debian/patches/series	2012-10-24 16:12:28.000000000 +0000
+++ lxc-0.8.0~rc1/debian/patches/series	2013-01-08 16:25:33.000000000 +0000
@@ -105,3 +105,6 @@
 0222-debian-dhcp3-package
 0223-ubuntu-template-user-msg
 0225-ubuntu-cloud-numeric-owner
+0227-ubuntu-cloud-parsing
+0228-ignore-kmsg-setup-failure
+0229-lxc-clone-mount-fix
diff -Nru lxc-0.8.0~rc1/debian/rules lxc-0.8.0~rc1/debian/rules
--- lxc-0.8.0~rc1/debian/rules	2012-10-24 16:10:12.000000000 +0000
+++ lxc-0.8.0~rc1/debian/rules	2013-02-07 19:28:36.000000000 +0000
@@ -70,8 +70,8 @@
 	chmod ugo+x debian/lxc/usr/share/lxc/hooks/*
 
 	# copy dnsmasq configuration
-	mkdir -p debian/lxc/etc/dnsmasq.d
-	cp debian/lxc.dnsmasq debian/lxc/etc/dnsmasq.d/lxc
+	mkdir -p debian/lxc/etc/dnsmasq.d-available
+	cp debian/lxc.dnsmasq debian/lxc/etc/dnsmasq.d-available/lxc
 
 	dh_install --fail-missing