diff -Nru lxcfs-0.10/debian/changelog lxcfs-0.10/debian/changelog
--- lxcfs-0.10/debian/changelog	2015-11-18 16:11:48.000000000 -0600
+++ lxcfs-0.10/debian/changelog	2015-11-25 12:24:11.000000000 -0600
@@ -1,3 +1,11 @@
+lxcfs (0.10-0ubuntu2.3) wily-proposed; urgency=medium
+
+  * On upgrade, ask admin to reboot rather than restarting (LP: #1518117)
+  * debian/tests/exercise: Make test_confinement.sh executable
+  * Prune init slice in caller_may_see_dir() check.  (LP: #1519079)
+
+ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 25 Nov 2015 12:20:53 -0600
+
 lxcfs (0.10-0ubuntu2.2) wily-proposed; urgency=medium
 
   * Fix container reboot with systemd >= 226. (LP: #1514690)
diff -Nru lxcfs-0.10/debian/lxcfs.postinst lxcfs-0.10/debian/lxcfs.postinst
--- lxcfs-0.10/debian/lxcfs.postinst	1969-12-31 18:00:00.000000000 -0600
+++ lxcfs-0.10/debian/lxcfs.postinst	2015-11-19 17:30:22.000000000 -0600
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+set -e
+
+# This script can be called in the following ways:
+#
+# After the package was installed:
+#       <postinst> configure <old-version>
+#
+#
+# If prerm fails during upgrade or fails on failed upgrade:
+#       <old-postinst> abort-upgrade <new-version>
+#
+# If prerm fails during deconfiguration of a package:
+#       <postinst> abort-deconfigure in-favour <new-package> <version>
+#                  removing <old-package> <version>
+#
+# If prerm fails during replacement due to conflict:
+#       <postinst> abort-remove in-favour <new-package> <version>
+
+case "$1" in
+    configure)
+        # Request a reboot.  If we restart lxcfs, all containers will
+        # stop working right.
+        [ -x /usr/share/update-notifier/notify-reboot-required ] && \
+            /usr/share/update-notifier/notify-reboot-required
+    ;;
+
+esac
+
+#DEBHELPER#
diff -Nru lxcfs-0.10/debian/patches/prune-init-slice.patch lxcfs-0.10/debian/patches/prune-init-slice.patch
--- lxcfs-0.10/debian/patches/prune-init-slice.patch	1969-12-31 18:00:00.000000000 -0600
+++ lxcfs-0.10/debian/patches/prune-init-slice.patch	2015-11-25 12:22:56.000000000 -0600
@@ -0,0 +1,26 @@
+commit ec3b236fe4fba6084b3a7f0b3f66428ca96718f9
+Author: Serge Hallyn <serge.hallyn@ubuntu.com>
+Date:   Mon Nov 23 14:41:24 2015 -0600
+
+    caller_may_see_dir: prune init slice
+    
+    Otherwise systemd is denied permission to see cgroups in
+    name=systemd in the container.
+    
+    Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
+
+Index: lxcfs-0.10/lxcfs.c
+===================================================================
+--- lxcfs-0.10.orig/lxcfs.c
++++ lxcfs-0.10/lxcfs.c
+@@ -377,9 +377,9 @@ static bool caller_may_see_dir(pid_t pid
+ 		return true;
+ 
+ 	c2 = get_pid_cgroup(pid, contrl);
+-
+ 	if (!c2)
+ 		return false;
++	prune_init_slice(c2);
+ 
+ 	char *tcg = c2 + 1;
+ 	l1 = strlen(cg);
diff -Nru lxcfs-0.10/debian/patches/series lxcfs-0.10/debian/patches/series
--- lxcfs-0.10/debian/patches/series	2015-11-18 14:34:07.000000000 -0600
+++ lxcfs-0.10/debian/patches/series	2015-11-25 12:22:52.000000000 -0600
@@ -2,3 +2,4 @@
 0002-fix-checking-of-parent-dirs.patch
 0002-Fix-movepid-cve.patch
 fix-systemd-reboot
+prune-init-slice.patch
diff -Nru lxcfs-0.10/debian/rules lxcfs-0.10/debian/rules
--- lxcfs-0.10/debian/rules	2015-11-11 06:23:35.000000000 -0600
+++ lxcfs-0.10/debian/rules	2015-11-19 17:30:49.000000000 -0600
@@ -11,6 +11,12 @@
 %:
 	dh $@  --with autotools_dev --with autoreconf --with systemd
 
+override_dh_installinit:
+	dh_installinit --no-restart-on-upgrade
+
+override_dh_systemd_start:
+	dh_systemd_start --no-restart-on-upgrade lxcfs.service
+
 override_dh_autoreconf:
 	[ -e m4 ] || mkdir m4
 	dh_autoreconf
diff -Nru lxcfs-0.10/debian/tests/exercise lxcfs-0.10/debian/tests/exercise
--- lxcfs-0.10/debian/tests/exercise	2015-09-03 18:38:40.000000000 -0500
+++ lxcfs-0.10/debian/tests/exercise	2015-11-25 12:20:51.000000000 -0600
@@ -1,6 +1,7 @@
 #!/bin/sh
 set -eu
 
+chmod ugo+x tests/test_confinement.sh
 for testcase in tests/test_*; do
     ./${testcase}
 done