diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service
index adc12da849..2b6470ecdd 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service
@@ -1,7 +1,8 @@
 [Unit]
 Description=Docker Application Container Engine
 Documentation=http://docs.docker.com
-After=containerd.service docker.socket network.target
+After=containerd.service docker.socket network-online.target
+Wants=network-online.target
 Requires=containerd.service docker.socket
 
 [Service]
@@ -24,6 +25,12 @@ TasksMax=infinity
 TimeoutStartSec=0
 # set delegate yes so that systemd does not reset the cgroups of docker containers
 Delegate=yes
+# kill only the docker process, not all processes in the cgroup
+KillMode=process
+# restart the docker process if it exits prematurely
+Restart=on-failure
+StartLimitBurst=3
+StartLimitInterval=60s
 
 [Install]
 WantedBy=multi-user.target
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.socket b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.socket
index 5a96c40f83..53133c4f8f 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.socket
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.socket
@@ -5,7 +5,7 @@ PartOf=docker.service
 [Socket]
 ListenStream=/var/run/docker.sock
 SocketMode=0660
-SocketUser=docker
+SocketUser=root
 SocketGroup=docker
 
 [Install]