diff --git a/debian/changelog b/debian/changelog
index fa69b0c..18f61ae 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,29 @@
+docker.io (1.5.0~dfsg1-1ubuntu1) vivid; urgency=medium
+
+ * Merge from Debian experimental (LP: #1430760). Remaining changes:
+ - d/p/sync-apparmor-with-lxc.patch: Update AppArmor policy to be
+ in sync with LXC.
+ - d/p/device-mapper-cleanup.patch: Cleanup any stale docker mounts
+ from previous shutdown.
+ - d/p/arm64-support.patch: fix to allow build on arm64
+ - d/control: Bump minimum version of golang-pty-dev for broader
+ architecture support.
+ - d/control: use gccgo instead of golang on ppc64el.
+ * Drop changes:
+ - d/p/enable-gccgo-build.patch: superceded by new ppc64el patches.
+ - d/p/enable-non-amd64-arches.patch: superceded by upstream-accepted
+ patches from IBM as described below.
+ * New implementation of ppc64el support based on upstreamed IBM patches:
+ - d/p/enable-gccgo-build-v2.patch: add support to docker build
+ system for gccgo.
+ - d/p/remove-X-flag-autogenerate-dockerversion.patch
+ - d/p/dockerversion-to-autogen-go-rename.patch
+ - d/rules: conditional build against gccgo when on ppc64.
+ - d/p/fix-build-dir-autogen.patch: autogen straight into build tree.
+ - d/p/fix-dynbinary-for-autogen.patch: fix FTBFS on amd64.
+
+ -- Robie Basak Thu, 02 Apr 2015 09:48:04 +0000
+
 docker.io (1.5.0~dfsg1-1) experimental; urgency=low
 * Update to 1.5.0 upstream release (Closes: #773495)
@@ -8,6 +34,64 @@ docker.io (1.5.0~dfsg1-1) experimental; urgency=low
 -- Tianon Gravi Tue, 10 Mar 2015 22:58:49 -0600
+docker.io (1.3.3~dfsg1-2ubuntu7) vivid; urgency=medium
+
+ * d/p/enable-gccgo-build.patch: Update for gccgo archs.
+
+ -- Matthias Klose Sun, 08 Mar 2015 20:41:41 +0100
+
+docker.io (1.3.3~dfsg1-2ubuntu6) vivid; urgency=medium
+
+ * Drop the build dependency on gccgo-go, build-depend on gccgo instead.
+
+ -- Matthias Klose Sat, 07 Mar 2015 22:35:36 +0100
+
+docker.io (1.3.3~dfsg1-2ubuntu5) vivid; urgency=medium
+
+ * d/p/enable-non-amd64-arches.patch: Replace in preference to upstream
+ accepted patch from IBM.
+ * d/p/device-mapper-cleanup.patch: Annotate with upstream bug report.
+ * d/p/enable-gccgo-build.patch: Annotate with pull request upstream
+ from IBM, update to deal with autogenerated go code.
+ * d/p/sync-apparmor-with-lxc.patch: Annotate with upstream pull request
+ for libcontainer, reference github.com working repository.
+ * d/control: Drop arm64 architecture for now as its going to require
+ further work in the dependency chain.
+
+ -- James Page Mon, 23 Feb 2015 14:04:11 +0000
+
+docker.io (1.3.3~dfsg1-2ubuntu4) vivid; urgency=medium
+
+ * Enable arm64 architecture using gccgo.
+
+ -- James Page Thu, 19 Feb 2015 15:27:38 +0000
+
+docker.io (1.3.3~dfsg1-2ubuntu3) vivid; urgency=medium
+
+ * Enable ppc64el architecture using gccgo:
+ - d/p/enable-gccgo-build.patch: Add support to docker build
+ system for gccgo.
+ - d/control: Use gccgo-go for ppc64el, exclude ppc64el for golang.
+ - d/control: Bump minimum version of golang-pty-dev for broader
+ architecture support.
+
+ -- James Page Wed, 18 Feb 2015 10:14:06 +0000
+
+docker.io (1.3.3~dfsg1-2ubuntu2) vivid; urgency=medium
+
+ * d/p/device-mapper-cleanup.patch: Cleanup any stale docker mounts
+ from previous shutdown (LP: #1404300).
+
+ -- James Page Thu, 22 Jan 2015 08:50:14 +0000
+
+docker.io (1.3.3~dfsg1-2ubuntu1) vivid; urgency=low
+
+ * Merge from Debian unstable (LP: #1407408). Remaining changes:
+ - d/p/sync-apparmor-with-lxc.patch: Update AppArmor policy to be
+ in sync with LXC.
+
+ -- Gianfranco Costamagna Sun, 04 Jan 2015 12:06:00 +0100
+
 docker.io (1.3.3~dfsg1-2) unstable; urgency=medium
 * Add fatal-error-old-kernels.patch to make Docker refuse to start on old,
@@ -17,6 +101,14 @@ docker.io (1.3.3~dfsg1-2) unstable; urgency=medium
 -- Tianon Gravi Sat, 03 Jan 2015 00:11:47 -0700
+docker.io (1.3.3~dfsg1-1ubuntu1) vivid; urgency=medium
+
+ * Merge from Debian unstable (LP: #1396572), remaining changes:
+ - d/p/sync-apparmor-with-lxc.patch: Update AppArmor policy to be
+ in sync with LXC.
+
+ -- James Page Fri, 19 Dec 2014 14:32:31 +0000
+
 docker.io (1.3.3~dfsg1-1) unstable; urgency=medium
 [ Tianon Gravi ]
@@ -35,6 +127,16 @@ docker.io (1.3.3~dfsg1-1) unstable; urgency=medium
 -- Tianon Gravi Thu, 18 Dec 2014 21:54:12 -0700
+docker.io (1.3.2~dfsg1-1ubuntu1) vivid; urgency=low
+
+ * Merge from Debian unstable. Remaining changes:
+ - d/p/sync-apparmor-with-lxc.patch: Update AppArmor policy to be
+ in sync with LXC.
+ * Dropped changes, equivalents included in Debian updates:
+ - d/p/support-no-env-default-file.patch.
+
+ -- James Page Tue, 25 Nov 2014 17:59:07 +0000
+
 docker.io (1.3.2~dfsg1-1) unstable; urgency=high
 * Severity is set to high due to the sensitive nature of the CVEs this
@@ -76,6 +178,37 @@ docker.io (1.2.0~dfsg1-2) unstable; urgency=medium
 -- Tianon Gravi Thu, 09 Oct 2014 00:08:11 +0000
+docker.io (1.2.0~dfsg1-1ubuntu2) vivid; urgency=medium
+
+ * Reenable socket activation (race fixed with systemd 215)
+ * debian/patches/support-no-env-default-file.patch:
+ - Support removed /etc/default/docker under systemd
+
+ -- Didier Roche Thu, 20 Nov 2014 10:18:42 +0100
+
+docker.io (1.2.0~dfsg1-1ubuntu1) utopic; urgency=medium
+
+ * debian/patches/sync-apparmor-with-lxc.patch: update AppArmor policy to
+ by in sync with LXC. Specifically this:
+ - reorganizes the rules to allow for easier comparison with other
+ container policy
+ - adds comments for many rules
+ - adds bare dbus rule
+ - adds ptrace rule to allow ptracing ourselves
+ - adds deny mount options=(ro, remount, silent) -> /
+ - allows hugetlbfs
+ - adds cgmanager mount
+ - adds /sys/fs/pstore mount
+ - more specific /sys/kernel/security mount options
+ - more specific /sys mount options
+ - more specific /proc/sys/kernel/* deny rules
+ - more specific /proc/sys/net deny rules
+ - more specific /sys/class deny rules
+ - more specific /sys/devices deny rules
+ - more specific /sys/fs deny rules
+
+ -- Jamie Strandboge Wed, 01 Oct 2014 13:24:01 -0500
+
 docker.io (1.2.0~dfsg1-1) unstable; urgency=medium
 * Updated to 1.2.0 upstream release (Closes: #757183, #757023, #757024).
diff --git a/debian/control b/debian/control
index 91cb433..013195e 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,8 @@
 Source: docker.io
 Section: admin
 Priority: optional
-Maintainer: Paul Tagliamonte
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Paul Tagliamonte
 Uploaders: Docker Packaging Team ,
 Tianon Gravi ,
 Johan Euphrosine
@@ -11,9 +12,8 @@ Build-Depends: bash-completion,
 dh-golang (>= 1.1),
 dh-systemd,
 go-md2man,
- golang (>= 2:1.2-3~),
- golang (>= 2:1.2.1-2~) | golang (<< 2:1.2.1~),
- golang (>= 2:1.3-4~) | golang (= 2:1.3-1) | golang (<< 2:1.3~),
+ golang (>= 2:1.2-3~) [!arm64 !ppc64el !powerpc],
+ gccgo [arm64 ppc64el powerpc],
 golang-context-dev (>= 0.0~git20140604~),
 golang-dbus-dev (>= 1~),
 golang-fsnotify-dev (>= 1.0.4~),
@@ -24,7 +24,7 @@ Build-Depends: bash-completion,
 golang-gosqlite-dev (>= 0.0~hg20130530~),
 golang-logrus-dev (>= 0.6.0~),
 golang-mux-dev (>= 0.0~git20140505~),
- golang-pty-dev (>= 0.0~git20141217~),
+ golang-pty-dev (>= 0.0~git20150218~),
 libapparmor-dev,
 libdevmapper-dev
 Standards-Version: 3.9.6
diff --git a/debian/patches/arm64-support.patch b/debian/patches/arm64-support.patch
new file mode 100644
index 0000000..0ab808a
--- /dev/null
+++ b/debian/patches/arm64-support.patch
@@ -0,0 +1,21 @@
+Description: Trivial patch to port to arm64
+Author: Adam Conrad
+Last-Update: 2015-04-08
+
+--- docker.io-1.5.0~dfsg1.orig/libcontainer/system/setns_linux.go
++++ docker.io-1.5.0~dfsg1/libcontainer/system/setns_linux.go
+@@ -12,6 +12,7 @@ import (
+ // We are declaring the macro here because the SETNS syscall does not exist in th stdlib
+ var setNsMap = map[string]uintptr{
+ "linux/386": 346,
++ "linux/arm64": 268,
+ "linux/amd64": 308,
+ "linux/arm": 374,
+ "linux/ppc64": 350,
+--- docker.io-1.5.0~dfsg1.orig/libcontainer/system/syscall_linux_64.go
++++ docker.io-1.5.0~dfsg1/libcontainer/system/syscall_linux_64.go
+@@ -1,4 +1,4 @@
+-// +build linux,amd64 linux,ppc64 linux,ppc64le linux,s390x
++// +build linux,arm64 linux,amd64 linux,ppc64 linux,ppc64le linux,s390x
+
+ package system
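Review bot: The new `golang (>= 2:1.2-3~) [!arm64 !ppc64el !powerpc]` line also drops the two alternative clauses that excluded specific golang revisions (`golang (>= 2:1.2.1-2~) | golang (<< 2:1.2.1~)` and the 2:1.3 one), which is a change to the Debian side of the merge rather than a "remaining change", and the changelog entry on this page only records "use gccgo instead of golang on ppc64el". If those exclusions are moot for the target series that is fine, but the drop should be stated in the changelog; if they are still wanted, each alternative needs the architecture qualifier applied to it individually. The `gccgo [arm64 ppc64el powerpc]` qualifier matches the `DEB_HOST_ARCH` list introduced in debian/rules, which is the consistency that matters here.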
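Review bot: arm64-support.patch carries no DEP-3 `Forwarded:` field, so a later maintainer cannot tell whether the `"linux/arm64": 268` setns entry and the `+build` tag change were sent upstream; add `Forwarded: no` or the upstream pull-request URL below `Last-Update:`. The syscall number itself cannot be checked from the hunk; a one-line comment naming the kernel table it was taken from would let a reviewer verify it without re-deriving it.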
@@ -0,0 +1,46 @@
+Description: Cleanup stale device mapper mounts on start
+ On shutdown, docker sometimes leaves device mapper
+ mounts for container mounted, causing the containers
+ impacted to be un-startable post-restart.
+ .
+ Cleanup any stale device mapper mounts on startup; this
+ is really just a workaround for an open issue upstream.
+Author: James Page
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1404300
+Bug: https://github.com/docker/docker/issues/5684
+
+--- a/contrib/init/sysvinit-debian/docker
++++ b/contrib/init/sysvinit-debian/docker
+@@ -80,11 +80,19 @@ cgroupfs_mount() {
+ )
+ }
+
++devicemapper_umount() {
++ # Cleanup any stale mounts left from previous shutdown
++ # see https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1404300
++ grep "mapper/docker" /proc/mounts | awk '{ print $2 }' | \
++ xargs -r umount || true
++}
++
+ case "$1" in
+ start)
+ fail_unless_root
+
+ cgroupfs_mount
++ devicemapper_umount
+
+ touch "$DOCKER_LOGFILE"
+ chgrp docker "$DOCKER_LOGFILE"
+--- a/contrib/init/upstart/docker.conf
++++ b/contrib/init/upstart/docker.conf
+@@ -28,6 +28,10 @@ pre-start script
+ fi
+ done
+ )
++ # Cleanup any stale mounts left from previous shutdown
++ # see https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1404300
++ grep "mapper/docker" /proc/mounts | awk '{ print $2 }' | \
++ xargs -r umount || true
+ end script
+
+ script
diff --git a/debian/patches/dockerversion-to-autogen-go-rename.patch b/debian/patches/dockerversion-to-autogen-go-rename.patch
new file mode 100644
index 0000000..94ca18b
--- /dev/null
+++ b/debian/patches/dockerversion-to-autogen-go-rename.patch
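Review bot: The `grep "mapper/docker" /proc/mounts | awk '{ print $2 }' | xargs -r umount || true` pipeline, added both in `devicemapper_umount()` for sysvinit and in the upstart `pre-start` block, hands the mount points to xargs, which re-splits on whitespace and interprets quotes and backslashes, while /proc/mounts octal-escapes such characters (a space is `\040`); a mount point containing either is unmounted under the wrong name and the trailing `|| true` then hides that it was left behind. Reading one mount per line, decoding the escapes and keeping a failed unmount visible in the log avoids both problems: `grep "mapper/docker" /proc/mounts | while read -r _ mnt _; do` / `umount "$(printf '%b' "$mnt")" || echo "warning: stale mount $mnt left in place" >&2` / `done`. The grep also matches anywhere in the line rather than the device field; `awk '$1 ~ /mapper\/docker/ { print $2 }'` scopes it to the source device. Startup still proceeds when a stale mount cannot be cleaned, which appears to be the intended best-effort behaviour, so the warning rather than an exit is deliberate.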
@@ -0,0 +1,113 @@ +From 01562c7362ef0b6a3f981d42c985e412b0cc9ff2 Mon Sep 17 00:00:00 2001 +From: Tianon Gravi +Date: Tue, 3 Mar 2015 12:41:26 -0700 +Subject: [PATCH] Rename .dockerversion to .go-autogen so it's clear that all + autogenerated code goes here + +Signed-off-by: Andrew "Tianon" Page + +Origin: upstream, https://github.com/docker/docker/commit/01562c7362ef0b6a3f981d42c985e412b0cc9ff2 +Last-Update: 2015-03-27 +--- + project/make.sh | 2 +- + project/make/.dockerinit | 2 +- + project/make/.dockerversion | 24 ------------------------ + project/make/.go-autogen | 18 ++++++++++++++++++ + project/make/binary | 2 +- + 5 files changed, 21 insertions(+), 27 deletions(-) + delete mode 100644 project/make/.dockerversion + create mode 100644 project/make/.go-autogen + +diff --git a/project/make.sh b/project/make.sh +index 50055c0..99b20ba 100755 +--- a/project/make.sh ++++ b/project/make.sh +@@ -97,7 +97,7 @@ fi + # Use these flags when compiling the tests and final binary + + IAMSTATIC='true' +-source "$(dirname "$BASH_SOURCE")/make/.dockerversion" ++source "$(dirname "$BASH_SOURCE")/make/.go-autogen" + LDFLAGS='-w' + + LDFLAGS_STATIC='-linkmode external' +diff --git a/project/make/.dockerinit b/project/make/.dockerinit +index 0f51fce..f98158d 100644 +--- a/project/make/.dockerinit ++++ b/project/make/.dockerinit +@@ -2,7 +2,7 @@ + set -e + + IAMSTATIC="true" +-source "$(dirname "$BASH_SOURCE")/.dockerversion" ++source "$(dirname "$BASH_SOURCE")/.go-autogen" + + # dockerinit still needs to be a static binary, even if docker is dynamic + go build \ +diff --git a/project/make/.dockerversion b/project/make/.dockerversion +deleted file mode 100644 +index c96ff06..0000000 +--- a/project/make/.dockerversion ++++ /dev/null +@@ -1,24 +0,0 @@ +-#!/bin/bash +- +-rm -rf autogen +-mkdir -p autogen/dockerversion +-cat > autogen/dockerversion/dockerversion.go < autogen/dockerversion/static.go < autogen/dockerversion/dockerversion.go < +Date: Tue, 17 Mar 2015 14:46:25 +0000 
+Subject: [PATCH] Enable gccgo build support. The build needs to be run as for + dynamic binary - ./project/make.sh dyngccgo for static binary - + ./project/make.sh gccgo + + +Origin: upstream, https://github.com/docker/docker/commit/b34e0cd5e8511f388e5d2150559ec80a99a32d79 +Last-Update: 2015-03-27 +--- + project/make/.dockerinit-gccgo | 29 +++++++++++++++++++++++++++++ + project/make/.integration-daemon-start | 2 +- + project/make/dyngccgo | 23 +++++++++++++++++++++++ + project/make/gccgo | 26 ++++++++++++++++++++++++++ + 4 files changed, 79 insertions(+), 1 deletion(-) + create mode 100644 project/make/.dockerinit-gccgo + create mode 100644 project/make/dyngccgo + create mode 100644 project/make/gccgo + +diff --git a/project/make/.dockerinit-gccgo b/project/make/.dockerinit-gccgo +new file mode 100644 +index 0000000..637d1fd +--- /dev/null ++++ b/project/make/.dockerinit-gccgo +@@ -0,0 +1,29 @@ ++#!/bin/bash ++set -e ++ ++IAMSTATIC="true" ++source "$(dirname "$BASH_SOURCE")/.go-autogen" ++ ++go build --compiler=gccgo \ ++ -o "$DEST/dockerinit-$VERSION" \ ++ "${BUILDFLAGS[@]}" \ ++ --gccgoflags " ++ -g ++ -Wl,--no-export-dynamic ++ $EXTLDFLAGS_STATIC_DOCKER ++ " \ ++ ./dockerinit ++ ++echo "Created binary: $DEST/dockerinit-$VERSION" ++ln -sf "dockerinit-$VERSION" "$DEST/dockerinit" ++ ++sha1sum= ++if command -v sha1sum &> /dev/null; then ++ sha1sum=sha1sum ++else ++ echo >&2 'error: cannot find sha1sum command or equivalent' ++ exit 1 ++fi ++ ++# sha1 our new dockerinit to ensure separate docker and dockerinit always run in a perfect pair compiled for one another ++export DOCKER_INITSHA1="$($sha1sum $DEST/dockerinit-$VERSION | cut -d' ' -f1)" +diff --git a/project/make/.integration-daemon-start b/project/make/.integration-daemon-start +index f00bb63..8bd406b 100644 +--- a/project/make/.integration-daemon-start ++++ b/project/make/.integration-daemon-start +@@ -2,7 +2,7 @@ + + # see test-integration-cli for example usage of this script + +-export 
PATH="$DEST/../binary:$DEST/../dynbinary:$PATH" ++export PATH="$DEST/../binary:$DEST/../dynbinary:$DEST/../gccgo:$PATH" + + if ! command -v docker &> /dev/null; then + echo >&2 'error: binary or dynbinary must be run before .integration-daemon-start' +diff --git a/project/make/dyngccgo b/project/make/dyngccgo +new file mode 100644 +index 0000000..e4ccad1 +--- /dev/null ++++ b/project/make/dyngccgo +@@ -0,0 +1,23 @@ ++#!/bin/bash ++set -e ++ ++DEST=$1 ++ ++if [ -z "$DOCKER_CLIENTONLY" ]; then ++ source "$(dirname "$BASH_SOURCE")/.dockerinit-gccgo" ++ ++ hash_files "$DEST/dockerinit-$VERSION" ++else ++ # DOCKER_CLIENTONLY must be truthy, so we don't need to bother with dockerinit :) ++ export DOCKER_INITSHA1="" ++fi ++# DOCKER_INITSHA1 is exported so that other bundlescripts can easily access it later without recalculating it ++ ++( ++ export IAMSTATIC="false" ++ export EXTLDFLAGS_STATIC_DOCKER='' ++ export LDFLAGS_STATIC_DOCKER='' ++ export BUILDFLAGS=( "${BUILDFLAGS[@]/netgo /}" ) # disable netgo, since we don't need it for a dynamic binary ++ export BUILDFLAGS=( "${BUILDFLAGS[@]/static_build /}" ) # we're not building a "static" binary here ++ source "$(dirname "$BASH_SOURCE")/gccgo" ++) +diff --git a/project/make/gccgo b/project/make/gccgo +new file mode 100644 +index 0000000..8ba5ede +--- /dev/null ++++ b/project/make/gccgo +@@ -0,0 +1,26 @@ ++#!/bin/bash ++set -e ++ ++DEST=$1 ++BINARY_NAME="docker-$VERSION" ++BINARY_EXTENSION="$(binary_extension)" ++BINARY_FULLNAME="$BINARY_NAME$BINARY_EXTENSION" ++ ++source "$(dirname "$BASH_SOURCE")/.go-autogen" ++ ++go build --compiler=gccgo \ ++ -o "$DEST/$BINARY_FULLNAME" \ ++ "${BUILDFLAGS[@]}" \ ++ --gccgoflags " ++ -g ++ $EXTLDFLAGS_STATIC_DOCKER ++ -Wl,--no-export-dynamic ++ -ldl ++ " \ ++ ./docker ++ ++ ++echo "Created binary: $DEST/$BINARY_FULLNAME" ++ln -sf "$BINARY_FULLNAME" "$DEST/docker$BINARY_EXTENSION" ++ ++hash_files "$DEST/$BINARY_FULLNAME" 
diff --git a/debian/patches/fix-build-dir-autogen.patch b/debian/patches/fix-build-dir-autogen.patch new file mode 100644 index 0000000..48f66d0 --- /dev/null +++ b/debian/patches/fix-build-dir-autogen.patch @@ -0,0 +1,26 @@ +Description: output generated files directly into build directory + Since we build files in a different directory, the build system does + not pick up the generated file since it has already copied the sources + out. So as a hack for now, write the generated files straight into the + build directory from where they will be read. +Author: Robie Basak +Forwarded: no +Last-Update: 2015-04-01 + +--- a/project/make/.go-autogen ++++ b/project/make/.go-autogen +@@ -1,9 +1,11 @@ + #!/bin/bash + +-rm -rf autogen ++BUILDDIR=$GOPATH/src/github.com/docker/docker + +-mkdir -p autogen/dockerversion +-cat > autogen/dockerversion/dockerversion.go < $BUILDDIR/autogen/dockerversion/dockerversion.go < +Date: Mon, 23 Feb 2015 11:19:51 -0700 +Subject: [PATCH] Fix dynbinary with new autogen code + +Signed-off-by: Andrew "Tianon" Page + +Origin: upstream, https://github.com/docker/docker/commit/0d90118a7d83 +Last-Update: 2015-03-27 +--- + project/make/dynbinary | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/project/make/dynbinary b/project/make/dynbinary +index 45d553f..f1594d3 100644 +--- a/project/make/dynbinary ++++ b/project/make/dynbinary +@@ -15,6 +15,7 @@ fi + + ( + export IAMSTATIC="false" ++ export LDFLAGS_STATIC_DOCKER='' + export BUILDFLAGS=( "${BUILDFLAGS[@]/netgo /}" ) # disable netgo, since we don't need it for a dynamic binary + source "$(dirname "$BASH_SOURCE")/binary" + ) diff --git a/debian/patches/remove-X-flag-autogenerate-dockerversion.patch b/debian/patches/remove-X-flag-autogenerate-dockerversion.patch new file mode 100644 index 0000000..6dd5e73 --- /dev/null +++ b/debian/patches/remove-X-flag-autogenerate-dockerversion.patch 
@@ -0,0 +1,336 @@ +From 98c0f34718d3f1b47e3266d2aa629713f28ce62c Mon Sep 17 00:00:00 2001 +From: Srini Brahmaroutu +Date: Wed, 4 Feb 2015 21:22:38 +0000 +Subject: [PATCH] Removing -X flag option and autogenerated code to create + Dockerversion.go functionality Addresses #9207 + +Signed-off-by: Srini Brahmaroutu + +Origin: upstream, https://github.com/docker/docker/commit/98c0f34718d3f1b47e3266d2aa629713f28ce62c +Bug: https://github.com/docker/docker/issues/9207 +Last-Update: 2015-03-27 +--- + .gitignore | 1 + + api/client/commands.go | 2 +- + api/client/hijack.go | 2 +- + api/client/utils.go | 2 +- + builtins/builtins.go | 2 +- + daemon/daemon.go | 2 +- + daemon/info.go | 2 +- + docker/daemon.go | 2 +- + docker/docker.go | 2 +- + dockerversion/dockerversion.go | 15 --------------- + graph/graph.go | 2 +- + integration/graph_test.go | 2 +- + project/make.sh | 11 +++-------- + project/make/.dockerinit | 3 +++ + project/make/.dockerversion | 24 ++++++++++++++++++++++++ + project/make/binary | 2 ++ + project/make/dynbinary | 2 +- + registry/httpfactory.go | 2 +- + utils/utils.go | 2 +- + 19 files changed, 46 insertions(+), 36 deletions(-) + delete mode 100644 dockerversion/dockerversion.go + create mode 100644 project/make/.dockerversion + +diff --git a/.gitignore b/.gitignore +index 49fa58a..69ad056 100644 +--- a/.gitignore ++++ b/.gitignore +@@ -29,3 +29,4 @@ docs/GIT_BRANCH + docs/VERSION + docs/GITCOMMIT + docs/changed-files ++autogen/ +diff --git a/api/client/commands.go b/api/client/commands.go +index c4ce5e0..723fca2 100644 +--- a/api/client/commands.go ++++ b/api/client/commands.go +@@ -27,7 +27,7 @@ import ( + log "github.com/Sirupsen/logrus" + "github.com/docker/docker/api" + "github.com/docker/docker/api/stats" +- "github.com/docker/docker/dockerversion" ++ "github.com/docker/docker/autogen/dockerversion" + "github.com/docker/docker/engine" + "github.com/docker/docker/graph" + "github.com/docker/docker/nat" +diff --git a/api/client/hijack.go 
b/api/client/hijack.go +index bb90240..4f89c3a 100644 +--- a/api/client/hijack.go ++++ b/api/client/hijack.go +@@ -15,7 +15,7 @@ import ( + + log "github.com/Sirupsen/logrus" + "github.com/docker/docker/api" +- "github.com/docker/docker/dockerversion" ++ "github.com/docker/docker/autogen/dockerversion" + "github.com/docker/docker/pkg/promise" + "github.com/docker/docker/pkg/stdcopy" + "github.com/docker/docker/pkg/term" +diff --git a/api/client/utils.go b/api/client/utils.go +index 86e221e..103bfde 100644 +--- a/api/client/utils.go ++++ b/api/client/utils.go +@@ -17,7 +17,7 @@ import ( + + log "github.com/Sirupsen/logrus" + "github.com/docker/docker/api" +- "github.com/docker/docker/dockerversion" ++ "github.com/docker/docker/autogen/dockerversion" + "github.com/docker/docker/engine" + "github.com/docker/docker/pkg/signal" + "github.com/docker/docker/pkg/stdcopy" +diff --git a/builtins/builtins.go b/builtins/builtins.go +index 41bb249..1bd9362 100644 +--- a/builtins/builtins.go ++++ b/builtins/builtins.go +@@ -5,8 +5,8 @@ import ( + + "github.com/docker/docker/api" + apiserver "github.com/docker/docker/api/server" ++ "github.com/docker/docker/autogen/dockerversion" + "github.com/docker/docker/daemon/networkdriver/bridge" +- "github.com/docker/docker/dockerversion" + "github.com/docker/docker/engine" + "github.com/docker/docker/events" + "github.com/docker/docker/pkg/parsers/kernel" +diff --git a/daemon/daemon.go b/daemon/daemon.go +index c9a730b..0bdcbe4 100644 +--- a/daemon/daemon.go ++++ b/daemon/daemon.go +@@ -18,6 +18,7 @@ import ( + + log "github.com/Sirupsen/logrus" + "github.com/docker/docker/api" ++ "github.com/docker/docker/autogen/dockerversion" + "github.com/docker/docker/daemon/execdriver" + "github.com/docker/docker/daemon/execdriver/execdrivers" + "github.com/docker/docker/daemon/execdriver/lxc" +@@ -25,7 +26,6 @@ import ( + _ "github.com/docker/docker/daemon/graphdriver/vfs" + _ "github.com/docker/docker/daemon/networkdriver/bridge" + 
"github.com/docker/docker/daemon/networkdriver/portallocator" +- "github.com/docker/docker/dockerversion" + "github.com/docker/docker/engine" + "github.com/docker/docker/graph" + "github.com/docker/docker/image" +diff --git a/daemon/info.go b/daemon/info.go +index 8eb4358..f0fc124 100644 +--- a/daemon/info.go ++++ b/daemon/info.go +@@ -5,7 +5,7 @@ import ( + "runtime" + + log "github.com/Sirupsen/logrus" +- "github.com/docker/docker/dockerversion" ++ "github.com/docker/docker/autogen/dockerversion" + "github.com/docker/docker/engine" + "github.com/docker/docker/pkg/parsers/kernel" + "github.com/docker/docker/pkg/parsers/operatingsystem" +diff --git a/docker/daemon.go b/docker/daemon.go +index 0923997..b8fb10c 100644 +--- a/docker/daemon.go ++++ b/docker/daemon.go +@@ -9,12 +9,12 @@ import ( + "path/filepath" + + log "github.com/Sirupsen/logrus" ++ "github.com/docker/docker/autogen/dockerversion" + "github.com/docker/docker/builder" + "github.com/docker/docker/builtins" + "github.com/docker/docker/daemon" + _ "github.com/docker/docker/daemon/execdriver/lxc" + _ "github.com/docker/docker/daemon/execdriver/native" +- "github.com/docker/docker/dockerversion" + "github.com/docker/docker/engine" + flag "github.com/docker/docker/pkg/mflag" + "github.com/docker/docker/pkg/signal" +diff --git a/docker/docker.go b/docker/docker.go +index 80d5e13..a9b3156 100644 +--- a/docker/docker.go ++++ b/docker/docker.go +@@ -11,7 +11,7 @@ import ( + log "github.com/Sirupsen/logrus" + "github.com/docker/docker/api" + "github.com/docker/docker/api/client" +- "github.com/docker/docker/dockerversion" ++ "github.com/docker/docker/autogen/dockerversion" + flag "github.com/docker/docker/pkg/mflag" + "github.com/docker/docker/pkg/reexec" + "github.com/docker/docker/utils" +diff --git a/dockerversion/dockerversion.go b/dockerversion/dockerversion.go +deleted file mode 100644 +index 1898d5c..0000000 +--- a/dockerversion/dockerversion.go ++++ /dev/null +@@ -1,15 +0,0 @@ +-package dockerversion +- 
+-// FIXME: this should be embedded in the docker/docker.go, +-// but we can't because distro policy requires us to +-// package a separate dockerinit binary, and that binary needs +-// to know its version too. +- +-var ( +- GITCOMMIT string +- VERSION string +- +- IAMSTATIC string // whether or not Docker itself was compiled statically via ./hack/make.sh binary ("true" or not "true") +- INITSHA1 string // sha1sum of separate static dockerinit, if Docker itself was compiled dynamically via ./hack/make.sh dynbinary +- INITPATH string // custom location to search for a valid dockerinit binary (available for packagers as a last resort escape hatch) +-) +diff --git a/graph/graph.go b/graph/graph.go +index f7b9fc4..e05a11f 100644 +--- a/graph/graph.go ++++ b/graph/graph.go +@@ -13,8 +13,8 @@ import ( + "time" + + log "github.com/Sirupsen/logrus" ++ "github.com/docker/docker/autogen/dockerversion" + "github.com/docker/docker/daemon/graphdriver" +- "github.com/docker/docker/dockerversion" + "github.com/docker/docker/image" + "github.com/docker/docker/pkg/archive" + "github.com/docker/docker/pkg/truncindex" +diff --git a/integration/graph_test.go b/integration/graph_test.go +index 56e5a90..3c4ce04 100644 +--- a/integration/graph_test.go ++++ b/integration/graph_test.go +@@ -2,8 +2,8 @@ package docker + + import ( + "errors" ++ "github.com/docker/docker/autogen/dockerversion" + "github.com/docker/docker/daemon/graphdriver" +- "github.com/docker/docker/dockerversion" + "github.com/docker/docker/graph" + "github.com/docker/docker/image" + "github.com/docker/docker/pkg/archive" +diff --git a/project/make.sh b/project/make.sh +index 4cbc195..50055c0 100755 +--- a/project/make.sh ++++ b/project/make.sh +@@ -95,14 +95,10 @@ if [ -z "$DOCKER_CLIENTONLY" ]; then + fi + + # Use these flags when compiling the tests and final binary +-LDFLAGS=' +- -X '$DOCKER_PKG'/dockerversion.GITCOMMIT "'$GITCOMMIT'" +- -X '$DOCKER_PKG'/dockerversion.VERSION "'$VERSION'" +-' + +-if [ -z "$DEBUG" ]; 
then +- LDFLAGS="-w $LDFLAGS" +-fi ++IAMSTATIC='true' ++source "$(dirname "$BASH_SOURCE")/make/.dockerversion" ++LDFLAGS='-w' + + LDFLAGS_STATIC='-linkmode external' + # Cgo -H windows is incompatible with -linkmode external. +@@ -124,7 +120,6 @@ TESTFLAGS+=" -test.timeout=${TIMEOUT}" + EXTLDFLAGS_STATIC_DOCKER="$EXTLDFLAGS_STATIC -lpthread -Wl,--unresolved-symbols=ignore-in-object-files" + LDFLAGS_STATIC_DOCKER=" + $LDFLAGS_STATIC +- -X $DOCKER_PKG/dockerversion.IAMSTATIC true + -extldflags \"$EXTLDFLAGS_STATIC_DOCKER\" + " + +diff --git a/project/make/.dockerinit b/project/make/.dockerinit +index 73df8fc..0f51fce 100644 +--- a/project/make/.dockerinit ++++ b/project/make/.dockerinit +@@ -1,6 +1,9 @@ + #!/bin/bash + set -e + ++IAMSTATIC="true" ++source "$(dirname "$BASH_SOURCE")/.dockerversion" ++ + # dockerinit still needs to be a static binary, even if docker is dynamic + go build \ + -o "$DEST/dockerinit-$VERSION" \ +diff --git a/project/make/.dockerversion b/project/make/.dockerversion +new file mode 100644 +index 0000000..c96ff06 +--- /dev/null ++++ b/project/make/.dockerversion +@@ -0,0 +1,24 @@ ++#!/bin/bash ++ ++rm -rf autogen ++mkdir -p autogen/dockerversion ++cat > autogen/dockerversion/dockerversion.go < autogen/dockerversion/static.go < +Description: sync AppArmor policy up with current LXC/libvirt-lxc policy +Forwarded: https://github.com/docker/libcontainer/pull/256 +Origin: https://github.com/jdstrand/libcontainer + +Index: docker.io-1.2.0~dfsg1/libcontainer/apparmor/gen.go +=================================================================== +--- docker.io-1.2.0~dfsg1.orig/libcontainer/apparmor/gen.go ++++ docker.io-1.2.0~dfsg1/libcontainer/apparmor/gen.go +@@ -22,40 +22,147 @@ profile {{.Name}} flags=(attach_disconne + {{$value}} + {{end}} + +- network, +- capability, ++ # Globally allows everything to run under this profile. This is fine-tuned ++ # later ++ # in this profile and can be narrowed depending on the container's use. 
+ file, ++ capability, ++ network, ++ ++ # the container may never be allowed to mount devpts. If it does, it ++ # will remount the host's devpts. We could allow it to do it with ++ # the newinstance option (but, right now, we don't). ++ deny mount fstype=devpts, ++ + umount, + ++ # This also needs additional rules to reach outside of the container via ++ # DBus, so just let all of DBus within the container. ++ dbus, ++ ++ # Allow us to ptrace ourselves ++ ptrace peer=@{profile_name}, ++ ++ # ignore DENIED message on / remount ++ deny mount options=(ro, remount) -> /, ++ deny mount options=(ro, remount, silent) -> /, ++ ++ # allow tmpfs mounts everywhere + mount fstype=tmpfs, ++ ++ # allow hugetlbfs mounts everywhere ++ mount fstype=hugetlbfs, ++ ++ # allow mqueue mounts everywhere + mount fstype=mqueue, ++ ++ # allow fuse mounts everywhere + mount fstype=fuse.*, ++ ++ # deny writes in /proc/sys/fs but allow binfmt_misc to be mounted + mount fstype=binfmt_misc -> /proc/sys/fs/binfmt_misc/, ++ deny @{PROC}/sys/fs/** wklx, ++ ++ # allow efivars to be mounted, writing to it will be blocked though + mount fstype=efivarfs -> /sys/firmware/efi/efivars/, +- mount fstype=fusectl -> /sys/fs/fuse/connections/, +- mount fstype=securityfs -> /sys/kernel/security/, +- mount fstype=debugfs -> /sys/kernel/debug/, +- mount fstype=proc -> /proc/, +- mount fstype=sysfs -> /sys/, + +- deny @{PROC}/sys/fs/** wklx, ++ # block some other dangerous paths + deny @{PROC}/sysrq-trigger rwklx, + deny @{PROC}/mem rwklx, + deny @{PROC}/kmem rwklx, +- deny @{PROC}/sys/kernel/[^s][^h][^m]* wklx, +- deny @{PROC}/sys/kernel/*/** wklx, + +- deny mount options=(ro, remount) -> /, ++ # deny writes in /sys except for /sys/fs/cgroup, also allow ++ # fusectl, securityfs and debugfs to be mounted there (read-only) ++ mount fstype=fusectl -> /sys/fs/fuse/connections/, ++ mount fstype=securityfs -> /sys/kernel/security/, ++ mount fstype=debugfs -> /sys/kernel/debug/, + deny mount fstype=debugfs -> 
/var/lib/ureadahead/debugfs/, +- deny mount fstype=devpts, +- +- deny /sys/[^f]*/** wklx, +- deny /sys/f[^s]*/** wklx, +- deny /sys/fs/[^c]*/** wklx, +- deny /sys/fs/c[^g]*/** wklx, +- deny /sys/fs/cg[^r]*/** wklx, ++ mount fstype=proc -> /proc/, ++ mount fstype=sysfs -> /sys/, + deny /sys/firmware/efi/efivars/** rwklx, + deny /sys/kernel/security/** rwklx, ++ mount options=(move) /sys/fs/cgroup/cgmanager/ -> /sys/fs/cgroup/cgmanager.lower/, ++ ++ mount options=(rw nosuid nodev noexec remount) -> /sys/, ++ mount options=(rw remount) -> /sys/kernel/security/, ++ mount options=(rw remount) -> /sys/fs/pstore/, ++ mount options=(ro remount) -> /sys/fs/pstore/, ++ ++ deny /proc/sys/[^kn]*{,/**} wklx, ++ deny /proc/sys/k[^e]*{,/**} wklx, ++ deny /proc/sys/ke[^r]*{,/**} wklx, ++ deny /proc/sys/ker[^n]*{,/**} wklx, ++ deny /proc/sys/kern[^e]*{,/**} wklx, ++ deny /proc/sys/kerne[^l]*{,/**} wklx, ++ deny /proc/sys/kernel/[^smhd]*{,/**} wklx, ++ deny /proc/sys/kernel/d[^o]*{,/**} wklx, ++ deny /proc/sys/kernel/do[^m]*{,/**} wklx, ++ deny /proc/sys/kernel/dom[^a]*{,/**} wklx, ++ deny /proc/sys/kernel/doma[^i]*{,/**} wklx, ++ deny /proc/sys/kernel/domai[^n]*{,/**} wklx, ++ deny /proc/sys/kernel/domain[^n]*{,/**} wklx, ++ deny /proc/sys/kernel/domainn[^a]*{,/**} wklx, ++ deny /proc/sys/kernel/domainna[^m]*{,/**} wklx, ++ deny /proc/sys/kernel/domainnam[^e]*{,/**} wklx, ++ deny /proc/sys/kernel/domainname?*{,/**} wklx, ++ deny /proc/sys/kernel/h[^o]*{,/**} wklx, ++ deny /proc/sys/kernel/ho[^s]*{,/**} wklx, ++ deny /proc/sys/kernel/hos[^t]*{,/**} wklx, ++ deny /proc/sys/kernel/host[^n]*{,/**} wklx, ++ deny /proc/sys/kernel/hostn[^a]*{,/**} wklx, ++ deny /proc/sys/kernel/hostna[^m]*{,/**} wklx, ++ deny /proc/sys/kernel/hostnam[^e]*{,/**} wklx, ++ deny /proc/sys/kernel/hostname?*{,/**} wklx, ++ deny /proc/sys/kernel/m[^s]*{,/**} wklx, ++ deny /proc/sys/kernel/ms[^g]*{,/**} wklx, ++ deny /proc/sys/kernel/msg*/** wklx, ++ deny /proc/sys/kernel/s[^he]*{,/**} wklx, ++ deny 
/proc/sys/kernel/se[^m]*{,/**} wklx, ++ deny /proc/sys/kernel/sem*/** wklx, ++ deny /proc/sys/kernel/sh[^m]*{,/**} wklx, ++ deny /proc/sys/kernel/shm*/** wklx, ++ deny /proc/sys/kernel?*{,/**} wklx, ++ deny /proc/sys/n[^e]*{,/**} wklx, ++ deny /proc/sys/ne[^t]*{,/**} wklx, ++ deny /proc/sys/net?*{,/**} wklx, ++ deny /sys/[^fdc]*{,/**} wklx, ++ deny /sys/c[^l]*{,/**} wklx, ++ deny /sys/cl[^a]*{,/**} wklx, ++ deny /sys/cla[^s]*{,/**} wklx, ++ deny /sys/clas[^s]*{,/**} wklx, ++ deny /sys/class/[^n]*{,/**} wklx, ++ deny /sys/class/n[^e]*{,/**} wklx, ++ deny /sys/class/ne[^t]*{,/**} wklx, ++ deny /sys/class/net?*{,/**} wklx, ++ deny /sys/class?*{,/**} wklx, ++ deny /sys/d[^e]*{,/**} wklx, ++ deny /sys/de[^v]*{,/**} wklx, ++ deny /sys/dev[^i]*{,/**} wklx, ++ deny /sys/devi[^c]*{,/**} wklx, ++ deny /sys/devic[^e]*{,/**} wklx, ++ deny /sys/device[^s]*{,/**} wklx, ++ deny /sys/devices/[^v]*{,/**} wklx, ++ deny /sys/devices/v[^i]*{,/**} wklx, ++ deny /sys/devices/vi[^r]*{,/**} wklx, ++ deny /sys/devices/vir[^t]*{,/**} wklx, ++ deny /sys/devices/virt[^u]*{,/**} wklx, ++ deny /sys/devices/virtu[^a]*{,/**} wklx, ++ deny /sys/devices/virtua[^l]*{,/**} wklx, ++ deny /sys/devices/virtual/[^n]*{,/**} wklx, ++ deny /sys/devices/virtual/n[^e]*{,/**} wklx, ++ deny /sys/devices/virtual/ne[^t]*{,/**} wklx, ++ deny /sys/devices/virtual/net?*{,/**} wklx, ++ deny /sys/devices/virtual?*{,/**} wklx, ++ deny /sys/devices?*{,/**} wklx, ++ deny /sys/f[^s]*{,/**} wklx, ++ deny /sys/fs/[^c]*{,/**} wklx, ++ deny /sys/fs/c[^g]*{,/**} wklx, ++ deny /sys/fs/cg[^r]*{,/**} wklx, ++ deny /sys/fs/cgr[^o]*{,/**} wklx, ++ deny /sys/fs/cgro[^u]*{,/**} wklx, ++ deny /sys/fs/cgrou[^p]*{,/**} wklx, ++ deny /sys/fs/cgroup?*{,/**} wklx, ++ deny /sys/fs?*{,/**} wklx, + } + ` + diff --git a/debian/rules b/debian/rules index 08247a1..86c1d3e 100755 --- a/debian/rules +++ b/debian/rules 
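Review bot: The bare `dbus,` rule added near the top of the profile grants unrestricted D-Bus permissions, so if a host bus socket is ever made visible inside a container (for instance by a bind mount) this profile no longer constrains what the container can do on that bus and the boundary rests entirely on what the daemon chooses to mount; the existing comment should say so explicitly, e.g. `# NOTE: unrestricted; any bus socket mounted into the container is fully reachable`. Likewise `ptrace peer=@{profile_name},` is scoped by profile label, so where several containers run under the same generated profile name (the template is `profile {{.Name}}`, so this depends on the caller — confirm) AppArmor does not separate their processes and the pid namespace is the remaining barrier, which a one-line comment would make clear. As a point of style, the new deny block uses literal `/proc/sys/...` paths while the rules retained just above it use `@{PROC}/...`; using `@{PROC}` throughout keeps the profile consistent with its own tunables. The profile body begins and ends outside this hunk.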
@@ -20,6 +20,12 @@ DOCKER_VERSION = $(shell cat VERSION)
 export DOCKER_GITCOMMIT := $(shell ./debian/helpers/gitcommit.sh $(DOCKER_VERSION))
 export DOCKER_INITPATH := ${INITPATH}
+ifneq (,$(filter $(DEB_HOST_ARCH), arm64 powerpc ppc64el))
+ DOCKER_BUILD_TARGET = dyngccgo
+else
+ DOCKER_BUILD_TARGET = dynbinary
+endif
+
 # see https://github.com/docker/docker/blob/v1.5.0/project/PACKAGERS.md#build-dependencies
 # and https://github.com/docker/docker/blob/v1.5.0/project/PACKAGERS.md#docker_buildtags
@@ -48,7 +54,7 @@ override_dh_auto_build:
 ln -sf "$$(readlink -f libcontainer)" "$(GOPATH)/src/$(dir $(LIBCONTAINER_GOPKG))"
 ln -sf "$$(readlink -f libtrust)" "$(GOPATH)/src/$(dir $(LIBTRUST_GOPKG))"
- ./hack/make.sh dynbinary
+ ./hack/make.sh $(DOCKER_BUILD_TARGET)
 # compile man pages
 ./docs/man/md2man-all.sh
@@ -59,11 +65,11 @@ override_dh_auto_install:
 # install docker binary
 mkdir -p debian/docker.io/usr/bin
- mv bundles/${DOCKER_VERSION}/dynbinary/docker-${DOCKER_VERSION} debian/docker.io/usr/bin/docker
+ mv bundles/${DOCKER_VERSION}/${DOCKER_BUILD_TARGET}/docker-${DOCKER_VERSION} debian/docker.io/usr/bin/docker
 # install dockerinit binary
 mkdir -p debian/docker.io/${INITDIR}
- mv bundles/${DOCKER_VERSION}/dynbinary/dockerinit-${DOCKER_VERSION} debian/docker.io/${INITPATH}
+ mv bundles/${DOCKER_VERSION}/${DOCKER_BUILD_TARGET}/dockerinit-${DOCKER_VERSION} debian/docker.io/${INITPATH}
 # Most of the source of docker does not make a library,
 # so only ship the reusable parts (and in a separate package).
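Review bot: `ifneq (,$(filter $(DEB_HOST_ARCH), arm64 powerpc ppc64el))` silently selects `dynbinary` whenever `DEB_HOST_ARCH` is empty, and nothing in this hunk defines it; unless it is set earlier in the file, outside the hunk (for example via `include /usr/share/dpkg/architecture.mk`), a ppc64el build would take the golang-only `dynbinary` path and fail with a less obvious error. Adding `DEB_HOST_ARCH ?= $(shell dpkg-architecture -qDEB_HOST_ARCH)` before the conditional makes the selection robust either way. The two assignments are constants and would conventionally use `:=`, i.e. `DOCKER_BUILD_TARGET := dyngccgo`. The architecture list here has to stay in step with the `gccgo [arm64 ppc64el powerpc]` qualifier in debian/control, so a one-line comment pointing at that cross-dependency is worth adding. The `override_dh_auto_build` and `override_dh_auto_install` recipes changed by the other two hunks start outside the hunks shown.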