diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.9.1-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.10.0.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.9.1-r3.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.10.0.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild
index 28955f971e..72bfa63e2e 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild
@@ -12,7 +12,7 @@ if [[ ${PV} == *9999 ]]; then
 	DOCKER_GITCOMMIT="unknown"
 	KEYWORDS="~amd64 ~arm64"
 else
-	CROS_WORKON_COMMIT="98946981f575c69f923b7db49159711381b7fe8e" # v1.9.1 with backports
+	CROS_WORKON_COMMIT="e21da33466d099af2d61672df8617da0061e82cf" # v1.10.0 + overlay fixes
 	DOCKER_GITCOMMIT="${CROS_WORKON_COMMIT:0:7}"
 	KEYWORDS="amd64"
 fi
@@ -23,7 +23,7 @@ DESCRIPTION="Docker complements kernel namespacing with a high-level API which o
 HOMEPAGE="https://dockerproject.org"
 LICENSE="Apache-2.0"
 SLOT="0"
-IUSE="apparmor aufs +btrfs contrib +device-mapper experimental lxc +overlay +selinux vim-syntax zsh-completion"
+IUSE="apparmor aufs +btrfs contrib +device-mapper experimental +overlay seccomp +selinux vim-syntax zsh-completion"
 
 # https://github.com/docker/docker/blob/master/hack/PACKAGERS.md#build-dependencies
 CDEPEND="
@@ -31,6 +31,9 @@ CDEPEND="
 	device-mapper? (
 		>=sys-fs/lvm2-2.02.89[thin]
 	)
+	seccomp? (
+		>=sys-libs/libseccomp-2.1.1[static-libs]
+	)
 "
 
 #dev-go/go-md2man
@@ -38,7 +41,7 @@ DEPEND="
 	${CDEPEND}
 
 	btrfs? (
-		>=sys-fs/btrfs-progs-3.8
+		>=sys-fs/btrfs-progs-3.16.1
 	)
 "
 
@@ -58,10 +61,6 @@ RDEPEND="
 	>=dev-vcs/git-1.7
 	>=app-arch/xz-utils-4.9
 
-	lxc? (
-		>=app-emulation/lxc-1.0.7
-	)
-
 	apparmor? (
 		sys-libs/libapparmor[static-libs]
 	)
@@ -83,13 +82,14 @@ CONFIG_CHECK="
 
 	~MEMCG_KMEM ~MEMCG_SWAP ~MEMCG_SWAP_ENABLED
 
-	~BLK_CGROUP ~IOSCHED_CFQ
+	~BLK_CGROUP ~IOSCHED_CFQ ~BLK_DEV_THROTTLING
 	~CGROUP_PERF
 	~CGROUP_HUGETLB
 	~NET_CLS_CGROUP
 	~CFS_BANDWIDTH ~FAIR_GROUP_SCHED ~RT_GROUP_SCHED
 "
 
+ERROR_USER_NS="CONFIG_USER_NS: is optional"
 ERROR_MEMCG_KMEM="CONFIG_MEMCG_KMEM: is optional"
 ERROR_MEMCG_SWAP="CONFIG_MEMCG_SWAP: is required if you wish to limit swap usage of containers"
 ERROR_RESOURCE_COUNTERS="CONFIG_RESOURCE_COUNTERS: is optional for container statistics gathering"
@@ -163,6 +163,12 @@ pkg_setup() {
 		"
 	fi
 
+	if use seccomp; then
+		CONFIG_CHECK+="
+			~SECCOMP
+		"
+	fi
+
 	linux-info_pkg_setup
 
 	# create docker group for the code checking for it in /etc/group
@@ -211,6 +217,9 @@ src_compile() {
 		fi
 	done
 
+	if use seccomp; then
+		DOCKER_BUILDTAGS+=" seccomp"
+	fi
 	if use selinux; then
 		DOCKER_BUILDTAGS+=" selinux"
 	fi
@@ -230,6 +239,9 @@ src_compile() {
 	export CC=$(tc-getCC)
 	export CXX=$(tc-getCXX)
 
+	# verbose building
+	export BUILDFLAGS="-x -v"
+
 	# time to build!
 	./hack/make.sh dynbinary || die 'dynbinary failed'