diff --git a/execdriver/native/driver.go b/execdriver/native/driver.go
index 6236950476..0603b92400 100644
--- a/execdriver/native/driver.go
+++ b/execdriver/native/driver.go
@@ -7,6 +7,7 @@ import (
 	"github.com/dotcloud/docker/pkg/cgroups"
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/pkg/libcontainer/nsinit"
+	"github.com/dotcloud/docker/pkg/system"
 	"io/ioutil"
 	"os"
 	"os/exec"
@@ -215,9 +216,11 @@ func (d *dockerCommandFactory) Create(container *libcontainer.Container, console
 		"-pipe", fmt.Sprint(syncFd),
 		"-root", filepath.Join(d.driver.root, d.c.ID),
 	}, args...)
-	d.c.SysProcAttr = &syscall.SysProcAttr{
-		Cloneflags: uintptr(nsinit.GetNamespaceFlags(container.Namespaces)),
-	}
+
+	// set this to nil so that when we set the clone flags anything else is reset
+	d.c.SysProcAttr = nil
+	system.SetCloneFlags(&d.c.Cmd, uintptr(nsinit.GetNamespaceFlags(container.Namespaces)))
+
 	d.c.Env = container.Env
 	d.c.Dir = d.c.Rootfs
 
diff --git a/pkg/libcontainer/nsinit/command.go b/pkg/libcontainer/nsinit/command.go
index 5eb378ac23..8ddf1e7e71 100644
--- a/pkg/libcontainer/nsinit/command.go
+++ b/pkg/libcontainer/nsinit/command.go
@@ -3,9 +3,9 @@ package nsinit
 import (
 	"fmt"
 	"github.com/dotcloud/docker/pkg/libcontainer"
+	"github.com/dotcloud/docker/pkg/system"
 	"os"
 	"os/exec"
-	"syscall"
 )
 
 // CommandFactory takes the container's configuration and options passed by the
@@ -15,22 +15,31 @@ type CommandFactory interface {
 	Create(container *libcontainer.Container, console string, syncFd uintptr, args []string) *exec.Cmd
 }
 
-type DefaultCommandFactory struct{}
+type DefaultCommandFactory struct {
+	Root string
+}
 
 // Create will return an exec.Cmd with the Cloneflags set to the proper namespaces
 // defined on the container's configuration and use the current binary as the init with the
 // args provided
 func (c *DefaultCommandFactory) Create(container *libcontainer.Container, console string, pipe uintptr, args []string) *exec.Cmd {
-	// get our binary name so we can always reexec ourself
-	name := os.Args[0]
-	command := exec.Command(name, append([]string{
+	// get our binary name from arg0 so we can always reexec ourself
+	command := exec.Command(os.Args[0], append([]string{
 		"-console", console,
 		"-pipe", fmt.Sprint(pipe),
+		"-root", c.Root,
 		"init"}, args...)...)
 
-	command.SysProcAttr = &syscall.SysProcAttr{
-		Cloneflags: uintptr(GetNamespaceFlags(container.Namespaces)),
-	}
+	system.SetCloneFlags(command, uintptr(GetNamespaceFlags(container.Namespaces)))
 	command.Env = container.Env
 	return command
 }
+
+// GetNamespaceFlags parses the container's Namespaces options to set the correct
+// flags on clone, unshare, and setns
+func GetNamespaceFlags(namespaces libcontainer.Namespaces) (flag int) {
+	for _, ns := range namespaces {
+		flag |= ns.Value
+	}
+	return flag
+}
diff --git a/pkg/libcontainer/nsinit/execin.go b/pkg/libcontainer/nsinit/execin.go
index 253fbdcea4..55f7b9695b 100644
--- a/pkg/libcontainer/nsinit/execin.go
+++ b/pkg/libcontainer/nsinit/execin.go
@@ -1,3 +1,5 @@
+// +build linux
+
 package nsinit
 
 import (
diff --git a/pkg/libcontainer/nsinit/ns_linux.go b/pkg/libcontainer/nsinit/ns_linux.go
deleted file mode 100644
index ab6322e75c..0000000000
--- a/pkg/libcontainer/nsinit/ns_linux.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package nsinit
-
-import (
-	"github.com/dotcloud/docker/pkg/libcontainer"
-)
-
-// getNamespaceFlags parses the container's Namespaces options to set the correct
-// flags on clone, unshare, and setns
-func GetNamespaceFlags(namespaces libcontainer.Namespaces) (flag int) {
-	for _, ns := range namespaces {
-		flag |= ns.Value
-	}
-	return flag
-}
diff --git a/pkg/libcontainer/nsinit/nsinit/main.go b/pkg/libcontainer/nsinit/nsinit/main.go
index e6b020b74b..61921c59a3 100644
--- a/pkg/libcontainer/nsinit/nsinit/main.go
+++ b/pkg/libcontainer/nsinit/nsinit/main.go
@@ -2,7 +2,6 @@ package main
 
 import (
 	"encoding/json"
-	"errors"
 	"flag"
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/pkg/libcontainer/nsinit"
@@ -18,11 +17,6 @@ var (
 	pipeFd        int
 )
 
-var (
-	ErrUnsupported    = errors.New("Unsupported method")
-	ErrWrongArguments = errors.New("Wrong argument count")
-)
-
 func registerFlags() {
 	flag.StringVar(&console, "console", "", "console (pty slave) path")
 	flag.IntVar(&pipeFd, "pipe", 0, "sync pipe fd")
@@ -35,7 +29,7 @@ func main() {
 	registerFlags()
 
 	if flag.NArg() < 1 {
-		log.Fatal(ErrWrongArguments)
+		log.Fatalf("wrong number of argments %d", flag.NArg())
 	}
 	container, err := loadContainer()
 	if err != nil {
@@ -71,7 +65,7 @@ func main() {
 			log.Fatal(err)
 		}
 		if flag.NArg() < 2 {
-			log.Fatal(ErrWrongArguments)
+			log.Fatalf("wrong number of argments %d", flag.NArg())
 		}
 		syncPipe, err := nsinit.NewSyncPipeFromFd(0, uintptr(pipeFd))
 		if err != nil {
@@ -112,5 +106,5 @@ func readPid() (int, error) {
 }
 
 func newNsInit() (nsinit.NsInit, error) {
-	return nsinit.NewNsInit(&nsinit.DefaultCommandFactory{}, &nsinit.DefaultStateWriter{root}), nil
+	return nsinit.NewNsInit(&nsinit.DefaultCommandFactory{root}, &nsinit.DefaultStateWriter{root}), nil
 }
diff --git a/pkg/libcontainer/nsinit/unsupported.go b/pkg/libcontainer/nsinit/unsupported.go
new file mode 100644
index 0000000000..2412223d28
--- /dev/null
+++ b/pkg/libcontainer/nsinit/unsupported.go
@@ -0,0 +1,19 @@
+// +build !linux
+
+package nsinit
+
+import (
+	"github.com/dotcloud/docker/pkg/libcontainer"
+)
+
+func (ns *linuxNs) Exec(container *libcontainer.Container, term Terminal, args []string) (int, error) {
+	return -1, libcontainer.ErrUnsupported
+}
+
+func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []string) (int, error) {
+	return -1, libcontainer.ErrUnsupported
+}
+
+func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, console string, syncPipe *SyncPipe, args []string) error {
+	return libcontainer.ErrUnsupported
+}
diff --git a/pkg/libcontainer/types.go b/pkg/libcontainer/types.go
index cb64db1f29..8c28530140 100644
--- a/pkg/libcontainer/types.go
+++ b/pkg/libcontainer/types.go
@@ -5,25 +5,20 @@ import (
 	"errors"
 	"github.com/syndtr/gocapability/capability"
 	"os"
-	"syscall"
 )
 
 var (
-	ErrUnkownNamespace error = errors.New("Unkown namespace")
+	ErrUnkownNamespace  = errors.New("Unknown namespace")
+	ErrUnkownCapability = errors.New("Unknown capability")
+	ErrUnsupported      = errors.New("Unsupported method")
 )
 
 // namespaceList is used to convert the libcontainer types
 // into the names of the files located in /proc/<pid>/ns/* for
 // each namespace
 var (
-	namespaceList = Namespaces{
-		{Key: "NEWNS", Value: syscall.CLONE_NEWNS, File: "mnt"},
-		{Key: "NEWUTS", Value: syscall.CLONE_NEWUTS, File: "uts"},
-		{Key: "NEWIPC", Value: syscall.CLONE_NEWIPC, File: "ipc"},
-		{Key: "NEWUSER", Value: syscall.CLONE_NEWUSER, File: "user"},
-		{Key: "NEWPID", Value: syscall.CLONE_NEWPID, File: "pid"},
-		{Key: "NEWNET", Value: syscall.CLONE_NEWNET, File: "net"},
-	}
+	namespaceList = Namespaces{}
+
 	capabilityList = Capabilities{
 		{Key: "SETPCAP", Value: capability.CAP_SETPCAP},
 		{Key: "SYS_MODULE", Value: capability.CAP_SYS_MODULE},
@@ -52,6 +47,10 @@ type (
 	Namespaces []*Namespace
 )
 
+func (ns *Namespace) String() string {
+	return ns.Key
+}
+
 func (ns *Namespace) MarshalJSON() ([]byte, error) {
 	return json.Marshal(ns.Key)
 }
@@ -95,20 +94,24 @@ type (
 	Capabilities []*Capability
 )
 
-func (ns *Capability) MarshalJSON() ([]byte, error) {
-	return json.Marshal(ns.Key)
+func (c *Capability) String() string {
+	return c.Key
 }
 
-func (ns *Capability) UnmarshalJSON(src []byte) error {
+func (c *Capability) MarshalJSON() ([]byte, error) {
+	return json.Marshal(c.Key)
+}
+
+func (c *Capability) UnmarshalJSON(src []byte) error {
 	var capName string
 	if err := json.Unmarshal(src, &capName); err != nil {
 		return err
 	}
 	ret := GetCapability(capName)
 	if ret == nil {
-		return ErrUnkownNamespace
+		return ErrUnkownCapability
 	}
-	*ns = *ret
+	*c = *ret
 	return nil
 }
 
@@ -119,7 +122,7 @@ func GetCapability(key string) *Capability {
 		}
 	}
 	if os.Getenv("DEBUG") != "" {
-		panic("Unreachable: Namespace not found")
+		panic("Unreachable: Capability not found")
 	}
 	return nil
 }
diff --git a/pkg/libcontainer/types_linux.go b/pkg/libcontainer/types_linux.go
new file mode 100644
index 0000000000..c14531df20
--- /dev/null
+++ b/pkg/libcontainer/types_linux.go
@@ -0,0 +1,16 @@
+package libcontainer
+
+import (
+	"syscall"
+)
+
+func init() {
+	namespaceList = Namespaces{
+		{Key: "NEWNS", Value: syscall.CLONE_NEWNS, File: "mnt"},
+		{Key: "NEWUTS", Value: syscall.CLONE_NEWUTS, File: "uts"},
+		{Key: "NEWIPC", Value: syscall.CLONE_NEWIPC, File: "ipc"},
+		{Key: "NEWUSER", Value: syscall.CLONE_NEWUSER, File: "user"},
+		{Key: "NEWPID", Value: syscall.CLONE_NEWPID, File: "pid"},
+		{Key: "NEWNET", Value: syscall.CLONE_NEWNET, File: "net"},
+	}
+}
diff --git a/pkg/system/calls_linux.go b/pkg/system/calls_linux.go
index b7a8f140ba..bf667c535b 100644
--- a/pkg/system/calls_linux.go
+++ b/pkg/system/calls_linux.go
@@ -136,3 +136,10 @@ func Mkfifo(name string, mode uint32) error {
 func Umask(mask int) int {
 	return syscall.Umask(mask)
 }
+
+func SetCloneFlags(cmd *exec.Cmd, flag uintptr) {
+	if cmd.SysProcAttr == nil {
+		cmd.SysProcAttr = &syscall.SysProcAttr{}
+	}
+	cmd.SysProcAttr.Cloneflags = flag
+}
diff --git a/pkg/system/errors.go b/pkg/system/errors.go
new file mode 100644
index 0000000000..63045186fe
--- /dev/null
+++ b/pkg/system/errors.go
@@ -0,0 +1,9 @@
+package system
+
+import (
+	"errors"
+)
+
+var (
+	ErrNotSupportedPlatform = errors.New("platform and architecture is not supported")
+)
diff --git a/pkg/system/setns_linux.go b/pkg/system/setns_linux.go
index 07b1c93b4a..2b6f9e77ec 100644
--- a/pkg/system/setns_linux.go
+++ b/pkg/system/setns_linux.go
@@ -1,16 +1,11 @@
 package system
 
 import (
-	"errors"
 	"fmt"
 	"runtime"
 	"syscall"
 )
 
-var (
-	ErrNotSupportedPlatform = errors.New("platform and architecture is not supported")
-)
-
 // Via http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7b21fddd087678a70ad64afc0f632e0f1071b092
 //
 // We need different setns values for the different platforms and arch
diff --git a/pkg/system/unsupported.go b/pkg/system/unsupported.go
new file mode 100644
index 0000000000..eb3ec7ee92
--- /dev/null
+++ b/pkg/system/unsupported.go
@@ -0,0 +1,15 @@
+// +build !linux
+
+package system
+
+import (
+	"os/exec"
+)
+
+func SetCloneFlags(cmd *exec.Cmd, flag uintptr) {
+
+}
+
+func UsetCloseOnExec(fd uintptr) error {
+	return ErrNotSupportedPlatform
+}
diff --git a/runtime.go b/runtime.go
index c062578a31..0096f184e1 100644
--- a/runtime.go
+++ b/runtime.go
@@ -709,9 +709,12 @@ func NewRuntimeFromDirectory(config *DaemonConfig, eng *engine.Engine) (*Runtime
 
 	switch config.ExecDriver {
 	case "lxc":
+		// we want to five the lxc driver the full docker root because it needs
+		// to access and write config and template files in /var/lib/docker/containers/*
+		// to be backwards compatible
 		ed, err = lxc.NewDriver(config.Root, sysInfo.AppArmor)
 	case "native":
-		ed, err = native.NewDriver(path.Join(config.Root, "native"))
+		ed, err = native.NewDriver(path.Join(config.Root, "execdriver", "native"))
 	default:
 		return nil, fmt.Errorf("unknown exec driver %s", config.ExecDriver)
 	}