diff --git a/config-joey.hs b/config-joey.hs
index c363110..c2c2c87 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -362,6 +362,7 @@ standardContainer name suite arch = Docker.container name (dockerImage system)
 	& Apt.installed ["systemd"]
 	& Apt.unattendedUpgrades
 	& Apt.cacheCleaned
+	& Docker.tweaked
   where
 	system = System (Debian suite) arch
 
diff --git a/src/Propellor/Property/Docker.hs b/src/Propellor/Property/Docker.hs
index 4307b85..003b7f5 100644
--- a/src/Propellor/Property/Docker.hs
+++ b/src/Propellor/Property/Docker.hs
@@ -13,6 +13,7 @@ module Propellor.Property.Docker (
 	docked,
 	memoryLimited,
 	garbageCollected,
+	tweaked,
 	Image,
 	ContainerName,
 	-- * Container configuration
@@ -176,6 +177,16 @@ garbageCollected = propertyList "docker garbage collected"
 	gcimages = property "docker images garbage collected" $ do
 		liftIO $ report <$> (mapM removeImage =<< listImages)
 
+-- | Tweaks a container to work well with docker.
+--
+-- Currently, this consists of making pam_loginuid lines optional in
+-- the pam config, to work around https://github.com/docker/docker/issues/5663
+-- which affects docker 1.2.0.
+tweaked :: Property
+tweaked = trivial $
+	cmdProperty "sh" ["-c", "sed -ri 's/^session\\s+required\\s+pam_loginuid.so$/session optional pam_loginuid.so/' /etc/pam.d/*"]
+	`describe` "tweaked for docker"
+
 -- | Configures the kernel to respect docker memory limits. 
 --
 -- This assumes the system boots using grub 2. And that you don't need any