diff --git a/daemon/container.go b/daemon/container.go
index b35969900c9caa4a451cb6fc2f6b95d623045dcc..45658c58309890b0cd8e0bb5b22b9803b53d5c92 100644
--- a/daemon/container.go
+++ b/daemon/container.go
@@ -260,7 +260,10 @@ func populateCommand(c *Container, env []string) error {
 	autoCreatedDevices := append(devices.DefaultAutoCreatedDevices, userSpecifiedDevices...)
 
 	// TODO: this can be removed after lxc-conf is fully deprecated
-	lxcConfig := mergeLxcConfIntoOptions(c.hostConfig)
+	lxcConfig, err := mergeLxcConfIntoOptions(c.hostConfig)
+	if err != nil {
+		return err
+	}
 
 	resources := &execdriver.Resources{
 		Memory:     c.Config.Memory,
diff --git a/daemon/utils.go b/daemon/utils.go
index 9c43236e0bf728bfc0cf4242dcd2f6d29090d750..6202e6d9616772060f628c05d1017c94429981da 100644
--- a/daemon/utils.go
+++ b/daemon/utils.go
@@ -1,6 +1,7 @@
 package daemon
 
 import (
+	"errors"
 	"fmt"
 	"strings"
 
@@ -32,9 +33,9 @@ func migratePortMappings(config *runconfig.Config, hostConfig *runconfig.HostCon
 	return nil
 }
 
-func mergeLxcConfIntoOptions(hostConfig *runconfig.HostConfig) []string {
+func mergeLxcConfIntoOptions(hostConfig *runconfig.HostConfig) ([]string, error) {
 	if hostConfig == nil {
-		return nil
+		return nil, nil
 	}
 
 	out := []string{}
@@ -44,10 +45,13 @@ func mergeLxcConfIntoOptions(hostConfig *runconfig.HostConfig) []string {
 		for _, pair := range lxcConf {
 			// because lxc conf gets the driver name lxc.XXXX we need to trim it off
 			// and let the lxc driver add it back later if needed
+			if !strings.Contains(pair.Key, ".") {
+				return nil, errors.New("Illegal Key passed into LXC Configurations")
+			}
 			parts := strings.SplitN(pair.Key, ".", 2)
 			out = append(out, fmt.Sprintf("%s=%s", parts[1], pair.Value))
 		}
 	}
 
-	return out
+	return out, nil
 }
diff --git a/daemon/utils_test.go b/daemon/utils_test.go
index 7748b86022fc00057f330b3f6ca7c0a8e10c4f6f..8a2fa719ed461c73eb7dfa84a54ff38e82e0a1e0 100644
--- a/daemon/utils_test.go
+++ b/daemon/utils_test.go
@@ -14,7 +14,10 @@ func TestMergeLxcConfig(t *testing.T) {
 		},
 	}
 
-	out := mergeLxcConfIntoOptions(hostConfig)
+	out, err := mergeLxcConfIntoOptions(hostConfig)
+	if err != nil {
+		t.Fatalf("Failed to merge Lxc Config ", err)
+	}
 
 	cpuset := out[0]
 	if expected := "cgroups.cpuset=1,2"; cpuset != expected {