diff -Nru lightdm-1.16.3/debian/changelog lightdm-1.16.3/debian/changelog
--- lightdm-1.16.3/debian/changelog 2015-09-29 17:25:12.000000000 -0400
+++ lightdm-1.16.3/debian/changelog 2015-10-12 12:16:09.000000000 -0400
@@ -1,3 +1,10 @@
+lightdm (1.16.3-0ubuntu2) UNRELEASED; urgency=medium
+
+ * debian/patches/chromium-sandbox-groups.patch: cgroups support for guest
+ sessions. (LP: #1504049, LP: #1464958)
+
+ -- Chad MILLER Mon, 12 Oct 2015 12:10:35 -0400
+
 lightdm (1.16.3-0ubuntu1) wily; urgency=medium

 * New upstream release:
diff -Nru lightdm-1.16.3/debian/patches/chromium-sandbox-groups.patch lightdm-1.16.3/debian/patches/chromium-sandbox-groups.patch
--- lightdm-1.16.3/debian/patches/chromium-sandbox-groups.patch 1969-12-31 19:00:00.000000000 -0500
+++ lightdm-1.16.3/debian/patches/chromium-sandbox-groups.patch 2015-10-12 12:30:37.000000000 -0400
@@ -0,0 +1,18 @@
+Description: Chromium sandbox demands write acccess to this process's user
+ namespacing and cgroup. It is supposed to drop permissions only, but it's
+ impossible to enforce that with apparmor.
+Author: Chad Miller
+
+--- a/data/apparmor/abstractions/lightdm_chromium-browser
++++ b/data/apparmor/abstractions/lightdm_chromium-browser
+@@ -62,6 +62,10 @@
+ @{PROC}/[0-9]*/statm r, # sandbox wants these
+ @{PROC}/[0-9]*/task/[0-9]*/stat r, # sandbox wants these
+
++ owner @{PROC}/@{pid}/setgroups w,
++ owner @{PROC}/@{pid}/uid_map w,
++ owner @{PROC}/@{pid}/gid_map w,
++
+ /selinux/ r,
+
+ /usr/lib/chromium-browser/chromium-browser-sandbox ix,
diff -Nru lightdm-1.16.3/debian/patches/series lightdm-1.16.3/debian/patches/series
--- lightdm-1.16.3/debian/patches/series 2015-09-06 19:49:32.000000000 -0400
+++ lightdm-1.16.3/debian/patches/series 2015-10-12 12:26:08.000000000 -0400
@@ -1,3 +1,4 @@
 04_language_handling.patch
 05_translate_debian_files.patch
 autologin-session-workaround.patch
+chromium-sandbox-groups.patch
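Review bot: In the new debian/patches/chromium-sandbox-groups.patch, the three added `owner @{PROC}/@{pid}/setgroups w,`, `uid_map w,` and `gid_map w,` rules carry no trailing comment, unlike the `# sandbox wants these` rules directly above them, so the reason the guest-session profile allows user-namespace setup is recorded only in the patch header. I would add a comment on them such as `# chromium sandbox writes these when creating its user namespace; AppArmor cannot restrict which mapping is written`. In the stock AppArmor tunables `@{pid}` is a numeric pattern rather than the confined task's own PID, so with `owner` these rules presumably match the map files of every process owned by the guest user, which is wider than the header's "this process's"; it is worth confirming that this is intended, or noting it in the comment. The header and the changelog entry both mention cgroups, but no cgroup path is added in this hunk.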