diff -Nru lxc-1.1.5/debian/changelog lxc-1.1.5/debian/changelog --- lxc-1.1.5/debian/changelog 2015-11-13 17:59:55.000000000 +0000 +++ lxc-1.1.5/debian/changelog 2015-11-18 18:51:00.000000000 +0000 @@ -1,6 +1,6 @@ -lxc (1.1.5-0ubuntu2~ubuntu14.04.1) trusty-backports; urgency=medium +lxc (1.1.5-0ubuntu3~ubuntu14.04.1) trusty-backports; urgency=medium - * Backport to trusty (LP: #1516109) + * Backport to trusty (LP: #1517583) * Add a versioned build-dependency on trusty-backports' libseccomp-dev. * Add a versioned build-dependency on trusty-backports' libcgmanager-dev. * Add a versioned recommends for liblxc1 on trusty-backports' cgmanager. @@ -9,7 +9,15 @@ This was suggested by Michael Vogt to get us one step closer to having apt resolve the installation of the lxd backport properly. - -- Stéphane Graber Fri, 13 Nov 2015 12:56:03 -0500 + -- Stéphane Graber Wed, 18 Nov 2015 13:50:02 -0500 + +lxc (1.1.5-0ubuntu3) xenial; urgency=medium + + * Cherry-pick from upstream: + - Fix preserve_ns to work on < 3.8 kernels. (LP: #1516971) + - Fix process title rewrite to not mangle the environment. (LP: #1517107) + + -- Stéphane Graber Wed, 18 Nov 2015 13:30:41 -0500 lxc (1.1.5-0ubuntu2) xenial; urgency=medium diff -Nru lxc-1.1.5/debian/control lxc-1.1.5/debian/control --- lxc-1.1.5/debian/control 2015-11-13 17:57:34.000000000 +0000 +++ lxc-1.1.5/debian/control 2015-11-18 18:51:54.000000000 +0000 @@ -110,7 +110,9 @@ created using the Control Group and Namespace features included in the Linux kernel. . - This package contains the test binaries. + This package contains the test binaries. Those binaries are primarily + used for autopkgtest and by some developers. They are not meant to be + installed on regular user systems. Package: liblxc1 Architecture: linux-any diff -Nru lxc-1.1.5/debian/.git-dpm lxc-1.1.5/debian/.git-dpm --- lxc-1.1.5/debian/.git-dpm 2015-11-13 16:24:14.000000000 +0000 +++ lxc-1.1.5/debian/.git-dpm 2015-11-18 18:30:37.000000000 +0000 
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-f071935b72a63f830e733fb2fec58a527a883eb4
-f071935b72a63f830e733fb2fec58a527a883eb4
+9d5d9fa5b3f3e89fd50a870224e847d80a2ef162
+9d5d9fa5b3f3e89fd50a870224e847d80a2ef162
 29977d8b7632da9ee4df51287de2f713dfa29e6a
 29977d8b7632da9ee4df51287de2f713dfa29e6a
 lxc_1.1.5.orig.tar.gz
diff -Nru lxc-1.1.5/debian/patches/0003-don-t-truncate-environment-sometimes-in-setproctitle.patch lxc-1.1.5/debian/patches/0003-don-t-truncate-environment-sometimes-in-setproctitle.patch
--- lxc-1.1.5/debian/patches/0003-don-t-truncate-environment-sometimes-in-setproctitle.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-1.1.5/debian/patches/0003-don-t-truncate-environment-sometimes-in-setproctitle.patch 2015-11-18 18:30:37.000000000 +0000
@@ -0,0 +1,69 @@
+From 01a9f86c57d3a7a2428c21d61b2334fdd180bf35 Mon Sep 17 00:00:00 2001
+From: Tycho Andersen
+Date: Mon, 16 Nov 2015 15:12:36 -0700
+Subject: don't truncate environment sometimes in setproctitle
+Instead, let's just allocate new space for the proctitle to live and point
+the kernel at that.
+v2: take out testing hunk
+v3: check return from realloc
+Signed-off-by: Tycho Andersen
+Acked-by: Serge E. Hallyn
+---
+ src/lxc/utils.c | 30 ++++++++++++------------------
+ 1 file changed, 12 insertions(+), 18 deletions(-)
+diff --git a/src/lxc/utils.c b/src/lxc/utils.c
+index d9e769d..1e36641 100644
+--- a/src/lxc/utils.c
++++ b/src/lxc/utils.c
+@@ -1349,6 +1349,7 @@ char *get_template_path(const char *t)
+ */
+ int setproctitle(char *title)
+ {
++ static char *proctitle = NULL;
+ char buf[2048], *tmp;
+ FILE *f;
+ int i, len, ret = 0;
+@@ -1413,28 +1414,21 @@ int setproctitle(char *title)
+ * want to have room for it. */
+ len = strlen(title) + 1;
+- /* We're truncating the environment, so we should use at most the
+- * length of the argument + environment for the title. */
+- if (len > env_end - arg_start) {
+- arg_end = env_end;
+- len = env_end - arg_start;
+- title[len-1] = '\0';
+- } else {
+- /* Only truncate the environment if we're actually going to
+- * overwrite part of it. */
+- if (len >= arg_end - arg_start) {
+- env_start = env_end;
+- }
+-
+- arg_end = arg_start + len;
+-
+- /* check overflow */
+- if (arg_end < len || arg_end < arg_start) {
++ /* If we don't have enough room by just overwriting the old proctitle,
++ * let's allocate a new one.
++ */
++ if (len > arg_end - arg_start) {
++ void *m;
++ m = realloc(proctitle, len);
++ if (!m)
+ return -1;
+- }
++ proctitle = m;
+
++ arg_start = (unsigned long) proctitle;
+ }
+
++ arg_end = arg_start + len;
++
+ brk_val = syscall(__NR_brk, 0);
+
+ prctl_map = (struct prctl_mm_map) {
diff -Nru lxc-1.1.5/debian/patches/0004-Better-handle-preserve_ns-behavior.patch lxc-1.1.5/debian/patches/0004-Better-handle-preserve_ns-behavior.patch
--- lxc-1.1.5/debian/patches/0004-Better-handle-preserve_ns-behavior.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-1.1.5/debian/patches/0004-Better-handle-preserve_ns-behavior.patch 2015-11-18 18:30:37.000000000 +0000
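Review bot: `m = realloc(proctitle, len);` frees the previous heap-backed title as soon as it has to move it, while the kernel's arg_start/arg_end still point at that old block until the PR_SET_MM_MAP prctl that presumably follows `prctl_map = (struct prctl_mm_map) {` succeeds; PR_SET_MM_MAP is restricted to CAP_SYS_RESOURCE, so a failure there leaves /proc/PID/cmdline, which is world-readable, reading from freed heap and exposing whatever the allocator later stores in it. On the first call arg_start is still the original argv area and nothing is freed, so this only bites on a second, longer title, but setproctitle is reusable and keeps `proctitle` static for exactly that purpose. Allocate the replacement with `m = malloc(len);` into a separate pointer, keep the old `proctitle` until the prctl call returns 0, then `free()` the old one and assign `proctitle = m;`, and on prctl failure free the new block instead. setproctitle's body continues past the end of the hunk (the prctl call and the copy of `title` into `arg_start` are not visible here).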
@@ -0,0 +1,121 @@
+From 9d5d9fa5b3f3e89fd50a870224e847d80a2ef162 Mon Sep 17 00:00:00 2001
+From: Serge Hallyn
+Date: Tue, 17 Nov 2015 12:59:05 -0600
+Subject: Better handle preserve_ns behavior
+Commit b6b2b194a8 preserves the container's namespaces for
+possible later use in stop hook. But some kernels don't have
+/proc/pid/ns/ns for all the namespaces we may be interested in.
+So warn but continue if this is the case.
+Implement stgraber's suggested semantics.
+ - User requests some namespaces be preserved:
+ - If /proc/self/ns is missing => fail (saying kernel misses setns)
+ - If /proc/self/ns/ entry is missing => fail (saying kernel misses setns for )
+ - User doesn't request some namespaces be preserved:
+ - If /proc/self/ns is missing => log an INFO message (kernel misses setns) and continue
+ - If /proc/self/ns/ entry is missing => log an INFO message (kernel misses setns for ) and continue
+Signed-off-by: Serge Hallyn
+---
+ src/lxc/start.c | 47 ++++++++++++++++++++++++++++++++++-------------
+ 1 file changed, 34 insertions(+), 13 deletions(-)
+diff --git a/src/lxc/start.c b/src/lxc/start.c
+index fa905e2..2308735 100644
+--- a/src/lxc/start.c
++++ b/src/lxc/start.c
+@@ -117,8 +117,15 @@ static void close_ns(int ns_fd[LXC_NS_MAX]) {
+ }
+ }
+
+-static int preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags, pid_t pid) {
+- int i, saved_errno;
++/*
++ * preserve_ns: open /proc/@pid/ns/@ns for each namespace specified
++ * in clone_flags.
++ * Return true on success, false on failure. On failure, leave an error
++ * message in *errmsg, which caller must free.
++ */
++static
++bool preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags, pid_t pid, char **errmsg) {
++ int i, ret;
+ char path[MAXPATHLEN];
+
+ for (i = 0; i < LXC_NS_MAX; i++)
+@@ -126,8 +133,9 @@ static int preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags, pid_t pid) {
+
+ snprintf(path, MAXPATHLEN, "/proc/%d/ns", pid);
+ if (access(path, X_OK)) {
+- WARN("Kernel does not support attach; preserve_ns ignored");
+- return 0;
++ if (asprintf(errmsg, "Kernel does not support setns.") == -1)
++ *errmsg = NULL;
++ return false;
+ }
+
+ for (i = 0; i < LXC_NS_MAX; i++) {
+@@ -140,14 +148,20 @@ static int preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags, pid_t pid) {
+ goto error;
+ }
+
+- return 0;
++ return true;
+
+ error:
+- saved_errno = errno;
++ if (errno == ENOENT) {
++ ret = asprintf(errmsg, "Kernel does not support setns for %s",
++ ns_info[i].proc_name);
++ } else {
++ ret = asprintf(errmsg, "Failed to open %s: %s",
++ path, strerror(errno));
++ }
++ if (ret == -1)
++ *errmsg = NULL;
+ close_ns(ns_fd);
+- errno = saved_errno;
+- SYSERROR("failed to open '%s'", path);
+- return -1;
++ return false;
+ }
+
+ static int attach_ns(const int ns_fd[LXC_NS_MAX]) {
+@@ -894,6 +908,7 @@ static int lxc_spawn(struct lxc_handler *handler)
+ {
+ int failed_before_rename = 0;
+ const char *name = handler->name;
++ char *errmsg = NULL;
+ bool cgroups_connected = false;
+ int saved_ns_fd[LXC_NS_MAX];
+ int preserve_mask = 0, i;
+@@ -968,8 +983,12 @@ static int lxc_spawn(struct lxc_handler *handler)
+ INFO("failed to pin the container's rootfs");
+ }
+
+- if (preserve_ns(saved_ns_fd, preserve_mask, getpid()) < 0)
++ if (!preserve_ns(saved_ns_fd, preserve_mask, getpid(), &errmsg)) {
++ SYSERROR("Failed to preserve requested namespaces: %s",
++ errmsg ?
errmsg : "(Out of memory)");
++ free(errmsg);
+ goto out_delete_net;
++ }
+ if (attach_ns(handler->conf->inherit_ns_fd) < 0)
+ goto out_delete_net;
+
+@@ -989,9 +1008,11 @@ static int lxc_spawn(struct lxc_handler *handler)
+ goto out_delete_net;
+ }
+
+- if (preserve_ns(handler->nsfd, handler->clone_flags, handler->pid) < 0) {
+- ERROR("failed to store namespace references");
+- goto out_delete_net;
++ if (preserve_ns(handler->nsfd, handler->clone_flags, handler->pid,
++ &errmsg) < 0) {
++ INFO("Failed to store namespace references for stop hook: %s",
++ errmsg ? errmsg : "(Out of memory)");
++ free(errmsg);
+ }
+
+ if (attach_ns(saved_ns_fd))
diff -Nru lxc-1.1.5/debian/patches/series lxc-1.1.5/debian/patches/series
--- lxc-1.1.5/debian/patches/series 2015-11-13 16:24:14.000000000 +0000
+++ lxc-1.1.5/debian/patches/series 2015-11-18 18:30:37.000000000 +0000
@@ -1,2 +1,4 @@
 0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch
 0002-ubuntu-cloud-Various-fixes.patch
+0003-don-t-truncate-environment-sometimes-in-setproctitle.patch
+0004-Better-handle-preserve_ns-behavior.patch
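Review bot: The second call site in lxc_spawn, `if (preserve_ns(handler->nsfd, handler->clone_flags, handler->pid, &errmsg) < 0) {`, compares the new bool return against `< 0`, which is never true, so the INFO branch that this commit adds is dead: a failure to open /proc/PID/ns/* for the stop hook is neither logged nor reflected anywhere, and the errmsg that preserve_ns asprintf()s on that path is leaked on every failing start. It should mirror the first call site, `if (!preserve_ns(handler->nsfd, handler->clone_flags, handler->pid, &errmsg)) {`. At the first call site, if SYSERROR appends strerror(errno) as it does elsewhere in lxc, the suffix is unreliable because asprintf() and close_ns() run between the failing open() and the log call; ERROR with the errmsg alone would be more accurate. Whatever the stop hook later reads from handler->nsfd must also tolerate the -1 entries close_ns() presumably leaves behind, but that code, like the rest of lxc_spawn's body, lies outside the hunk.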