diff -Nru lxc-2.0.4/debian/changelog lxc-2.0.4/debian/changelog
--- lxc-2.0.4/debian/changelog	2016-08-16 23:29:13.000000000 +0000
+++ lxc-2.0.4/debian/changelog	2016-08-26 20:27:18.000000000 +0000
@@ -1,3 +1,11 @@
+lxc (2.0.4-0ubuntu3) yakkety; urgency=medium
+
+  * Cherry-pick from upstream (fixes checkpoint/restore):
+    - 0003-c-r-use-proc-self-tid-children-instead-of-pidfile.patch
+    - 0004-c-r-Fix-pid_t-on-some-arches.patch
+
+ -- Stéphane Graber <stgraber@ubuntu.com>  Fri, 26 Aug 2016 16:27:18 -0400
+
 lxc (2.0.4-0ubuntu2) yakkety; urgency=medium
 
   * Cherry-pick from upstream (for 4.6 kernel):
diff -Nru lxc-2.0.4/debian/.git-dpm lxc-2.0.4/debian/.git-dpm
--- lxc-2.0.4/debian/.git-dpm	2016-08-16 23:28:50.000000000 +0000
+++ lxc-2.0.4/debian/.git-dpm	2016-08-26 20:27:12.000000000 +0000
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-e6844be341ee3746ad012ea21eb3c596c38a3b8b
-e6844be341ee3746ad012ea21eb3c596c38a3b8b
+59b2682437ed00977745cc0e7935ab8c9ef6dc97
+59b2682437ed00977745cc0e7935ab8c9ef6dc97
 3af199b3c4e7fcefbad977b147e4214df56e33ab
 3af199b3c4e7fcefbad977b147e4214df56e33ab
 lxc_2.0.4.orig.tar.gz
diff -Nru lxc-2.0.4/debian/patches/0003-c-r-use-proc-self-tid-children-instead-of-pidfile.patch lxc-2.0.4/debian/patches/0003-c-r-use-proc-self-tid-children-instead-of-pidfile.patch
--- lxc-2.0.4/debian/patches/0003-c-r-use-proc-self-tid-children-instead-of-pidfile.patch	1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.4/debian/patches/0003-c-r-use-proc-self-tid-children-instead-of-pidfile.patch	2016-08-26 20:27:12.000000000 +0000
@@ -0,0 +1,135 @@
+From a63c3e3c63454bb2bdcb1481911415aea0c32943 Mon Sep 17 00:00:00 2001
+From: Tycho Andersen <tycho.andersen@canonical.com>
+Date: Fri, 26 Aug 2016 16:07:19 +0000
+Subject: c/r: use /proc/self/tid/children instead of pidfile
+
+All we really needed a unique temp file for was passing the pid. Since CRIU
+opened this with O_EXCL | O_CREAT, this was "safe" (users could still
+overwrite it afterwards, but the monitor would immediately die since the
+only valid number in there was the init process).
+
+In any case, we can just read /proc/self/tid/children, which lists the
+child process.
+
+Closes #1150
+
+Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
+---
+ src/lxc/criu.c | 38 ++++++++++++++------------------------
+ 1 file changed, 14 insertions(+), 24 deletions(-)
+
+diff --git a/src/lxc/criu.c b/src/lxc/criu.c
+index 65998ed..76d7080 100644
+--- a/src/lxc/criu.c
++++ b/src/lxc/criu.c
+@@ -69,7 +69,6 @@ struct criu_opts {
+ 	char tty_id[32]; /* the criu tty id for /dev/console, i.e. "tty[${rdev}:${dev}]" */
+ 
+ 	/* restore: the file to write the init process' pid into */
+-	char *pidfile;
+ 	const char *cgroup_path;
+ 	int console_fd;
+ 	/* The path that is bind mounted from /dev/console, if any. We don't
+@@ -176,10 +175,10 @@ static void exec_criu(struct criu_opts *opts)
+ 			static_args += 2;
+ 	} else if (strcmp(opts->action, "restore") == 0) {
+ 		/* --root $(lxc_mount_point) --restore-detached
+-		 * --restore-sibling --pidfile $foo --cgroup-root $foo
++		 * --restore-sibling --cgroup-root $foo
+ 		 * --lsm-profile apparmor:whatever
+ 		 */
+-		static_args += 10;
++		static_args += 8;
+ 
+ 		tty_info[0] = 0;
+ 		if (load_tty_major_minor(opts->user->directory, tty_info, sizeof(tty_info)))
+@@ -330,8 +329,6 @@ static void exec_criu(struct criu_opts *opts)
+ 		DECLARE_ARG(opts->c->lxc_conf->rootfs.mount);
+ 		DECLARE_ARG("--restore-detached");
+ 		DECLARE_ARG("--restore-sibling");
+-		DECLARE_ARG("--pidfile");
+-		DECLARE_ARG(opts->pidfile);
+ 		DECLARE_ARG("--cgroup-root");
+ 		DECLARE_ARG(opts->cgroup_path);
+ 
+@@ -604,13 +601,8 @@ static void do_restore(struct lxc_container *c, int status_pipe, struct migrate_
+ {
+ 	pid_t pid;
+ 	struct lxc_handler *handler;
+-	int fd, status;
++	int status;
+ 	int pipes[2] = {-1, -1};
+-	char pidfile[] = "criu_restore_XXXXXX";
+-
+-	fd = mkstemp(pidfile);
+-	if (fd < 0)
+-		goto out;
+ 
+ 	handler = lxc_init(c->name, c->lxc_conf, c->config_path);
+ 	if (!handler)
+@@ -690,7 +682,6 @@ static void do_restore(struct lxc_container *c, int status_pipe, struct migrate_
+ 		os.action = "restore";
+ 		os.user = opts;
+ 		os.c = c;
+-		os.pidfile = pidfile;
+ 		os.cgroup_path = cgroup_canonical_path(handler);
+ 		os.console_fd = c->lxc_conf->console.slave;
+ 		os.criu_version = criu_version;
+@@ -742,8 +733,9 @@ static void do_restore(struct lxc_container *c, int status_pipe, struct migrate_
+ 		}
+ 
+ 		if (WIFEXITED(status)) {
++			char buf[4096];
++
+ 			if (WEXITSTATUS(status)) {
+-				char buf[4096];
+ 				int n;
+ 
+ 				n = read(pipes[0], buf, sizeof(buf));
+@@ -758,18 +750,21 @@ static void do_restore(struct lxc_container *c, int status_pipe, struct migrate_
+ 				goto out_fini_handler;
+ 			} else {
+ 				int ret;
+-				FILE *f = fdopen(fd, "r");
++
++				ret = snprintf(buf, sizeof(buf), "/proc/self/task/%" PRId64 "/children", syscall(__NR_gettid));
++				if (ret < 0 || ret >= sizeof(buf)) {
++					ERROR("snprintf'd too many characters: %d", ret);
++					goto out_fini_handler;
++				}
++
++				FILE *f = fopen(buf, "r");
+ 				if (!f) {
+-					SYSERROR("couldn't read restore's init pidfile %s\n", pidfile);
++					SYSERROR("couldn't read restore's children file %s\n", buf);
+ 					goto out_fini_handler;
+ 				}
+-				fd = -1;
+ 
+ 				ret = fscanf(f, "%d", (int*) &handler->pid);
+ 				fclose(f);
+-				if (unlink(pidfile) < 0 && errno != ENOENT)
+-					SYSERROR("unlinking pidfile failed");
+-
+ 				if (ret != 1) {
+ 					ERROR("reading restore pid failed");
+ 					goto out_fini_handler;
+@@ -809,8 +804,6 @@ out_fini_handler:
+ 		close(pipes[1]);
+ 
+ 	lxc_fini(c->name, handler);
+-	if (unlink(pidfile) < 0 && errno != ENOENT)
+-		SYSERROR("unlinking pidfile failed");
+ 
+ out:
+ 	if (status_pipe >= 0) {
+@@ -821,9 +814,6 @@ out:
+ 		close(status_pipe);
+ 	}
+ 
+-	if (fd > 0)
+-		close(fd);
+-
+ 	exit(1);
+ }
+ 
diff -Nru lxc-2.0.4/debian/patches/0004-c-r-Fix-pid_t-on-some-arches.patch lxc-2.0.4/debian/patches/0004-c-r-Fix-pid_t-on-some-arches.patch
--- lxc-2.0.4/debian/patches/0004-c-r-Fix-pid_t-on-some-arches.patch	1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.4/debian/patches/0004-c-r-Fix-pid_t-on-some-arches.patch	2016-08-26 20:27:12.000000000 +0000
@@ -0,0 +1,26 @@
+From 59b2682437ed00977745cc0e7935ab8c9ef6dc97 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@ubuntu.com>
+Date: Fri, 26 Aug 2016 15:41:34 -0400
+Subject: c/r: Fix pid_t on some arches
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
+---
+ src/lxc/criu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lxc/criu.c b/src/lxc/criu.c
+index 76d7080..c20c00a 100644
+--- a/src/lxc/criu.c
++++ b/src/lxc/criu.c
+@@ -751,7 +751,7 @@ static void do_restore(struct lxc_container *c, int status_pipe, struct migrate_
+ 			} else {
+ 				int ret;
+ 
+-				ret = snprintf(buf, sizeof(buf), "/proc/self/task/%" PRId64 "/children", syscall(__NR_gettid));
++				ret = snprintf(buf, sizeof(buf), "/proc/self/task/%lu/children", (unsigned long)syscall(__NR_gettid));
+ 				if (ret < 0 || ret >= sizeof(buf)) {
+ 					ERROR("snprintf'd too many characters: %d", ret);
+ 					goto out_fini_handler;
diff -Nru lxc-2.0.4/debian/patches/series lxc-2.0.4/debian/patches/series
--- lxc-2.0.4/debian/patches/series	2016-08-16 23:28:50.000000000 +0000
+++ lxc-2.0.4/debian/patches/series	2016-08-26 20:27:12.000000000 +0000
@@ -1,2 +1,4 @@
 0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch
 0002-bdev-use-correct-overlay-module-name.patch
+0003-c-r-use-proc-self-tid-children-instead-of-pidfile.patch
+0004-c-r-Fix-pid_t-on-some-arches.patch