diff -Nru libvirt-0.9.2/debian/changelog libvirt-0.9.2/debian/changelog
--- libvirt-0.9.2/debian/changelog 2011-08-16 13:31:35.000000000 -0400
+++ libvirt-0.9.2/debian/changelog 2011-08-17 13:39:14.000000000 -0400
@@ -1,3 +1,9 @@
+libvirt (0.9.2-4ubuntu12) natty; urgency=low
+
+ * do not rely on 'ip' or 'ifconfig' commands inside container (LP: #828211)
+
+ -- Scott Moser Wed, 17 Aug 2011 13:28:16 -0400
+
 libvirt (0.9.2-4ubuntu11) oneiric; urgency=low
 
 * debian/patches/Autodetect-if-the-remote-nc-command-supports-the-q-o.patch:
diff -Nru libvirt-0.9.2/debian/patches/lxc-do-not-require-ifconfig-or-ip-commands-in-guest.patch libvirt-0.9.2/debian/patches/lxc-do-not-require-ifconfig-or-ip-commands-in-guest.patch
--- libvirt-0.9.2/debian/patches/lxc-do-not-require-ifconfig-or-ip-commands-in-guest.patch 1969-12-31 19:00:00.000000000 -0500
+++ libvirt-0.9.2/debian/patches/lxc-do-not-require-ifconfig-or-ip-commands-in-guest.patch 2011-08-17 13:27:49.000000000 -0400
@@ -0,0 +1,139 @@
+From: Scott Moser
+Subject: lxc: do not require 'ifconfig' or 'ipconfig' in container
+Last-updated: 2011-08-15
+Forwarded: yes
+
+Currently, the lxc implementation invokes 'ip' and 'ifconfig' commands
+inside a container using 'virRun'. That has the side effect of requiring
+those commands to be present and to function in a manner consistent with
+the usage.
+
+This patch replaces the use of these commands with usage of
+netdevice. The result is that lxc containers do not have to implement
+those commands, and lxc in libvirt is only dependent on the netdevice
+interface.
+
+=== modified file 'src/lxc/lxc_container.c'
+--- a/src/lxc/veth.c
++++ b/src/lxc/veth.c
+@@ -12,8 +12,11 @@
+
+ #include
+
++#include
++#include
+ #include
+ #include
++#include
+ #include
+ #include
+
+@@ -182,41 +185,49 @@ int vethDelete(const char *veth)
+ * @veth: name of veth device
+ * @upOrDown: 0 => down, 1 => up
+ *
+- * Enables a veth device using the ifconfig command. A NULL inetAddress
+- * will cause it to be left off the command line.
++ * Enables a veth device using SIOCSIFFLAGS
+ *
+- * Returns 0 on success or -1 in case of error
++ * Returns 0 on success, -1 on failure, with errno set
+ */
+ int vethInterfaceUpOrDown(const char* veth, int upOrDown)
+ {
+- int rc;
+- const char *argv[] = {"ifconfig", veth, NULL, NULL};
+- int cmdResult = 0;
++ struct ifreq ifr;
++ int fd, ret;
+
+- if (0 == upOrDown)
+- argv[2] = "down";
+- else
+- argv[2] = "up";
++ if ((fd = socket(PF_PACKET, SOCK_DGRAM, 0)) == -1)
++ return(-1);
+
+- rc = virRun(argv, &cmdResult);
++ memset(&ifr, 0, sizeof(struct ifreq));
+
+- if (rc != 0 ||
+- (WIFEXITED(cmdResult) && WEXITSTATUS(cmdResult) != 0)) {
+- if (0 == upOrDown)
++ if (virStrcpyStatic(ifr.ifr_name, veth) == NULL) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ if ((ret = ioctl(fd, SIOCGIFFLAGS, &ifr)) == 0) {
++ if (upOrDown)
++ ifr.ifr_flags |= IFF_UP;
++ else
++ ifr.ifr_flags &= ~(IFF_UP | IFF_RUNNING);
++
++ ret = ioctl(fd, SIOCSIFFLAGS, &ifr);
++ }
++
++ close(fd);
++ if (ret == -1)
++ if (upOrDown == 0)
+ /*
+ * Prevent overwriting an error log which may be set
+ * where an actual failure occurs.
+ */
+- VIR_DEBUG("Failed to disable '%s' (%d)",
+- veth, WEXITSTATUS(cmdResult));
++ VIR_DEBUG("Failed to disable '%s'", veth);
+ else
+ vethError(VIR_ERR_INTERNAL_ERROR,
+- _("Failed to enable '%s' (%d)"),
+- veth, WEXITSTATUS(cmdResult));
+- rc = -1;
+- }
++ _("Failed to enable '%s'"), veth);
++ else
++ ret = 0;
+
+- return rc;
++ return(ret);
+ }
+
+ /**
+@@ -275,17 +286,29 @@ int setMacAddr(const char* iface, const
+ * @iface: name of device
+ * @new: new name of @iface
+ *
+- * Changes the name of the given device with the
+- * given new name using this command:
+- * ip link set @iface name @new
++ * Changes the name of the given device.
+ *
+- * Returns 0 on success or -1 in case of error
++ * Returns 0 on success, -1 on failure with errno set.
+ */
+ int setInterfaceName(const char* iface, const char* new)
+ {
+- const char *argv[] = {
+- "ip", "link", "set", iface, "name", new, NULL
+- };
++ struct ifreq ifr;
++ int fd = socket(PF_PACKET, SOCK_DGRAM, 0);
+
+- return virRun(argv, NULL);
++ memset(&ifr, 0, sizeof(struct ifreq));
++
++ if (virStrcpyStatic(ifr.ifr_name, iface) == NULL) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ if (virStrcpyStatic(ifr.ifr_newname, new) == NULL) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ if (ioctl(fd, SIOCSIFNAME, &ifr))
++ return -1;
++
++ return 0;
+ }
diff -Nru libvirt-0.9.2/debian/patches/series libvirt-0.9.2/debian/patches/series
--- libvirt-0.9.2/debian/patches/series 2011-08-15 10:04:45.000000000 -0400
+++ libvirt-0.9.2/debian/patches/series 2011-08-17 13:28:05.000000000 -0400
@@ -29,3 +29,4 @@
 CVE-2011-2511.patch
 libnl3.patch
 arm-gcc-workaround.patch
+lxc-do-not-require-ifconfig-or-ip-commands-in-guest.patch
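Review bot: The new setInterfaceName in the added veth.c patch never closes the socket it opens and never checks socket() for failure, so every call leaks a PF_PACKET descriptor (on success too), and a failed socket() surfaces as EBADF from the ioctl instead of the real errno. vethInterfaceUpOrDown has the same leak on its `virStrcpyStatic` failure path, which returns before `close(fd)`, and its `close(fd)` runs before the error is reported, so the errno that the new doc comment promises may already be overwritten. If these helpers run in the container setup path before the guest's init is exec'd (not visible in this hunk), a leaked descriptor could be inherited by the guest, so closing on every path is more than hygiene. A single-exit version of setInterfaceName that closes the descriptor and preserves errno is below; the same shape applies to vethInterfaceUpOrDown.

```c
int setInterfaceName(const char* iface, const char* new)
{
    struct ifreq ifr;
    int fd, ret = -1, saved_errno;

    if ((fd = socket(PF_PACKET, SOCK_DGRAM, 0)) == -1)
        return -1;

    memset(&ifr, 0, sizeof(struct ifreq));

    if (virStrcpyStatic(ifr.ifr_name, iface) == NULL ||
        virStrcpyStatic(ifr.ifr_newname, new) == NULL) {
        errno = EINVAL;
        goto cleanup;
    }

    if (ioctl(fd, SIOCSIFNAME, &ifr) == 0)
        ret = 0;

cleanup:
    /* close() may overwrite errno; keep the value the caller is promised */
    saved_errno = errno;
    close(fd);
    errno = saved_errno;
    return ret;
}
```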