diff --git a/daemon/container.go b/daemon/container.go
index b35969900c..45658c5830 100644
--- a/daemon/container.go
+++ b/daemon/container.go
@@ -260,7 +260,10 @@ func populateCommand(c *Container, env []string) error {
 autoCreatedDevices := append(devices.DefaultAutoCreatedDevices, userSpecifiedDevices...)
 // TODO: this can be removed after lxc-conf is fully deprecated
- lxcConfig := mergeLxcConfIntoOptions(c.hostConfig)
+ lxcConfig, err := mergeLxcConfIntoOptions(c.hostConfig)
+ if err != nil {
+ return err
+ }
 resources := &execdriver.Resources{
 Memory: c.Config.Memory,
diff --git a/daemon/utils.go b/daemon/utils.go
index 9c43236e0b..6202e6d961 100644
--- a/daemon/utils.go
+++ b/daemon/utils.go
@@ -1,6 +1,7 @@
 package daemon
 import (
+ "errors"
 "fmt"
 "strings"
@@ -32,9 +33,9 @@ func migratePortMappings(config *runconfig.Config, hostConfig *runconfig.HostCon
 return nil
 }
-func mergeLxcConfIntoOptions(hostConfig *runconfig.HostConfig) []string {
+func mergeLxcConfIntoOptions(hostConfig *runconfig.HostConfig) ([]string, error) {
 if hostConfig == nil {
- return nil
+ return nil, nil
 }
 out := []string{}
@@ -44,10 +45,13 @@ func mergeLxcConfIntoOptions(hostConfig *runconfig.HostConfig) []string {
 for _, pair := range lxcConf {
 // because lxc conf gets the driver name lxc.XXXX we need to trim it off
 // and let the lxc driver add it back later if needed
+ if !strings.Contains(pair.Key, ".") {
+ return nil, errors.New("Illegal Key passed into LXC Configurations")
+ }
 parts := strings.SplitN(pair.Key, ".", 2)
 out = append(out, fmt.Sprintf("%s=%s", parts[1], pair.Value))
 }
 }
- return out
+ return out, nil
 }
diff --git a/daemon/utils_test.go b/daemon/utils_test.go
index 7748b86022..8a2fa719ed 100644
--- a/daemon/utils_test.go
+++ b/daemon/utils_test.go
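Review bot: In daemon/utils.go, the new `strings.Contains(pair.Key, ".")` guard in mergeLxcConfIntoOptions still accepts a key that ends in a dot (a constructed example is `lxc.`), so `parts[1]` is empty and the function emits an option with no name (`=value`). Validating the result of the split closes that gap and avoids scanning the key twice: after `parts := strings.SplitN(pair.Key, ".", 2)`, use `if len(parts) != 2 || parts[1] == "" { return nil, fmt.Errorf("illegal lxc-conf key %q", pair.Key) }`. Quoting the offending key with `%q` makes the rejection diagnosable for a value that comes from the supplied HostConfig, a lowercase message follows Go convention, and the `errors` import added earlier in this file would then no longer be needed. `pair.Value` is still appended unchecked; whether embedded newlines matter depends on how the lxc driver consumes these strings, which is not visible here. The function's signature is in the preceding hunk.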
@@ -14,7 +14,10 @@ func TestMergeLxcConfig(t *testing.T) {
 },
 }
- out := mergeLxcConfIntoOptions(hostConfig)
+ out, err := mergeLxcConfIntoOptions(hostConfig)
+ if err != nil {
+ t.Fatalf("Failed to merge Lxc Config ", err)
+ }
 cpuset := out[0]
 if expected := "cgroups.cpuset=1,2"; cpuset != expected {
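Review bot: The added `t.Fatalf("Failed to merge Lxc Config ", err)` passes `err` without a formatting verb, so a failure prints a `%!(EXTRA ...)` artifact instead of a clean message and `go vet` flags the call; it should read `t.Fatalf("Failed to merge Lxc Config: %v", err)`. The commit also adds no test for the new rejection path: a case whose key has no dot (a constructed example is `Key: "cpuset"`) asserting a non-nil error would pin the behaviour that keeps a malformed key from reaching `parts[1]`. TestMergeLxcConfig starts and ends outside this hunk.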