diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 34bdf9145..8444eaf12 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -840,8 +840,10 @@ static void lxc_put_attach_clone_payload(struct attach_clone_payload *p)
 p->pty_fd = -EBADF;
 }
- if (p->init_ctx)
+ if (p->init_ctx) {
 lxc_proc_put_context_info(p->init_ctx);
+ p->init_ctx = NULL;
+ }
 }
 static int attach_child_main(struct attach_clone_payload *payload)
@@ -1143,6 +1145,7 @@ int lxc_attach(const char *name, const char *lxcpath,
 pid_t attached_pid, init_pid, pid;
 struct lxc_proc_context_info *init_ctx;
 struct lxc_console pty;
+ struct lxc_conf *conf;
 struct attach_clone_payload payload = {0};
 ret = access("/proc/self/ns", X_OK);
@@ -1187,6 +1190,7 @@ int lxc_attach(const char *name, const char *lxcpath,
 return -ENOMEM;
 }
 }
+ conf = init_ctx->container->lxc_conf;
 if (!fetch_seccomp(init_ctx->container, options))
 WARN("Failed to get seccomp policy.");
@@ -1260,7 +1264,7 @@ int lxc_attach(const char *name, const char *lxcpath,
 }
 if (options->attach_flags & LXC_ATTACH_ALLOCATE_PTY) {
- ret = lxc_attach_pty(init_ctx->container->lxc_conf, &pty);
+ ret = lxc_attach_pty(conf, &pty);
 if (ret < 0) {
 ERROR("Failed to allocate pty");
 free(cwd);
@@ -1269,6 +1273,8 @@ int lxc_attach(const char *name, const char *lxcpath,
 }
 pty.log_fd = options->log_fd;
+ } else {
+ lxc_pty_init(&pty);
 }
 /* Create a socket pair for IPC communication; set SOCK_CLOEXEC in order
@@ -1350,9 +1356,16 @@ int lxc_attach(const char *name, const char *lxcpath,
 "cgroups", pid);
 }
+ /* Setup /proc limits */
+ if (!lxc_list_empty(&conf->procs)) {
+ ret = setup_proc_filesystem(&conf->procs, pid);
+ if (ret < 0)
+ goto on_error;
+ }
+
 /* Setup resource limits */
- if (!lxc_list_empty(&init_ctx->container->lxc_conf->limits)) {
- ret = setup_resource_limits(&init_ctx->container->lxc_conf->limits, pid);
+ if (!lxc_list_empty(&conf->limits)) {
+ ret = setup_resource_limits(&conf->limits, pid);
 if (ret < 0)
 goto on_error;
 }
diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 2d1ad4ebb..5350ddcda 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1221,9 +1221,6 @@ static int recursive_destroy(char *dirname)
 char *pathname;
 struct stat mystat;
- if (!direntp)
- break;
-
 if (!strcmp(direntp->d_name, ".") || !strcmp(direntp->d_name, ".."))
 continue;
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index ff5c0c225..a080bbd7e 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2608,15 +2608,17 @@ int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf,
 return -1;
 }
- buflen = sizeof("deny\n") - 1;
- errno = 0;
- ret = lxc_write_nointr(fd, "deny\n", buflen);
- if (ret != buflen) {
- SYSERROR("Failed to write \"deny\" to \"/proc/%d/setgroups\"", pid);
+ if (fd >= 0) {
+ buflen = sizeof("deny\n") - 1;
+ errno = 0;
+ ret = lxc_write_nointr(fd, "deny\n", buflen);
+ if (ret != buflen) {
+ SYSERROR("Failed to write \"deny\" to \"/proc/%d/setgroups\"", pid);
+ close(fd);
+ return -1;
+ }
 close(fd);
- return -1;
 }
- close(fd);
 }
 ret = snprintf(path, MAXPATHLEN, "/proc/%d/%cid_map", pid,
diff --git a/src/lxc/lxc_init.c b/src/lxc/lxc_init.c
index 29394c80d..594b00094 100644
--- a/src/lxc/lxc_init.c
+++ b/src/lxc/lxc_init.c
@@ -155,8 +155,6 @@ static void prevent_forking(void)
 }
 on_error:
- if (fd >= 0)
- close(fd);
 free(line);
 fclose(f);
 }
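Review bot: The new `if (fd >= 0)` guard in the write_id_mapping hunk lets the function go on to the id_map write without ever writing "deny" to setgroups, and nothing records that the step was skipped. The open() call and the condition that allows a negative fd to reach this point are above the hunk, so which failures are tolerated cannot be checked from here. If only a missing setgroups file is meant, say so at the guard, e.g. `/* no setgroups file to write to; any other open() failure was rejected above */`, and consider an `else` branch with a `TRACE()` so the skipped step is visible in the log.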
@@ -197,23 +195,25 @@ static void kill_children(pid_t pid)
 static void remove_self(void)
 {
- char path[PATH_MAX];
+ int ret;
 ssize_t n;
+ char path[MAXPATHLEN] = {0};
 n = readlink("/proc/self/exe", path, sizeof(path));
- if (n < 0) {
+ if (n < 0 || n >= MAXPATHLEN) {
 SYSERROR("Failed to readlink \"/proc/self/exe\"");
 return;
 }
+ path[n] = '\0';
- path[n] = 0;
-
- if (umount2(path, MNT_DETACH) < 0) {
+ ret = umount2(path, MNT_DETACH);
+ if (ret < 0) {
 SYSERROR("Failed to unmount \"%s\"", path);
 return;
 }
- if (unlink(path) < 0) {
+ ret = unlink(path);
+ if (ret < 0) {
 SYSERROR("Failed to unlink \"%s\"", path);
 return;
 }
diff --git a/src/lxc/monitor.c b/src/lxc/monitor.c
index 6dcdd340d..644d2a52f 100644
--- a/src/lxc/monitor.c
+++ b/src/lxc/monitor.c
@@ -209,7 +209,6 @@ int lxc_monitor_open(const char *lxcpath)
 int fd;
 size_t retry;
 size_t len;
- int ret = -1;
 int backoff_ms[] = {10, 50, 100};
 if (lxc_monitor_sock_name(lxcpath, &addr) < 0)
@@ -218,16 +217,16 @@ int lxc_monitor_open(const char *lxcpath)
 fd = socket(PF_UNIX, SOCK_STREAM, 0);
 if (fd < 0) {
 ERROR("Failed to create socket: %s.", strerror(errno));
- return -errno;
+ return -1;
 }
 len = strlen(&addr.sun_path[1]);
 DEBUG("opening monitor socket %s with len %zu", &addr.sun_path[1], len);
 if (len >= sizeof(addr.sun_path) - 1) {
 errno = ENAMETOOLONG;
- ret = -errno;
 ERROR("name of monitor socket too long (%zu bytes): %s", len, strerror(errno));
- goto on_error;
+ close(fd);
+ return -1;
 }
 for (retry = 0; retry < sizeof(backoff_ms) / sizeof(backoff_ms[0]); retry++) {
@@ -239,16 +238,12 @@ int lxc_monitor_open(const char *lxcpath)
 }
 if (fd < 0) {
- ret = -errno;
 ERROR("Failed to connect to monitor socket: %s.", strerror(errno));
- goto on_error;
+ close(fd);
+ return -1;
 }
 return fd;
-
-on_error:
- close(fd);
- return ret;
 }
 int lxc_monitor_read_fdset(struct pollfd *fds, nfds_t nfds, struct lxc_msg *msg,
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 42d075b77..9886bfcf1 100644
--- a/src/lxc/start.c
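Review bot: In remove_self the added truncation case `n >= MAXPATHLEN` is reported through SYSERROR although readlink() succeeded there, so the message will carry a stale or zero errno (assuming SYSERROR appends the errno text, which the hunk does not show). A plain `ERROR()` with its own text for the truncated case would avoid a misleading log line. The bound also mixes `sizeof(path)` in the call with `MAXPATHLEN` in the check; `if (n < 0 || (size_t)n >= sizeof(path))` keeps both tied to the same buffer. A one-line comment such as `/* a result that fills the buffer may be truncated; never umount/unlink a partial path */` would record why the full-length case is refused.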
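Review bot: In the last lxc_monitor_open hunk, `close(fd)` is called inside `if (fd < 0)`, so it always receives an invalid descriptor, fails with EBADF and overwrites errno. Because this change replaces the `-errno` return values with `-1`, errno is the only place a caller can still find the cause, so the clobbering now matters. The ENAMETOOLONG branch of the previous hunk has a milder form of the same problem, where a failing `close(fd)` could replace the errno just set. Drop the close from the `fd < 0` branch and, in the length check, save errno before `close(fd)` and restore it before `return -1;`. The retry loop that assigns the value tested by `fd < 0` lies outside the hunk, so it should be confirmed there whether the descriptor from socket() is still owned at that point.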
+++ b/src/lxc/start.c
@@ -548,22 +548,21 @@ int lxc_poll(const char *name, struct lxc_handler *handler)
 close(descr.epfd);
 descr.epfd = -EBADF;
 if (ret < 0 || !handler->init_died)
- goto out_mainloop;
+ goto out_mainloop_console;
 if (has_console)
 ret = lxc_mainloop(&descr_console, 0);
-
-out_mainloop:
- lxc_mainloop_close(&descr);
- TRACE("Closed mainloop");
-
 out_mainloop_console:
 if (has_console) {
 lxc_mainloop_close(&descr_console);
 TRACE("Closed console mainloop");
 }
+out_mainloop:
+ lxc_mainloop_close(&descr);
+ TRACE("Closed mainloop");
+
 out_sigfd:
 close(handler->sigfd);
 TRACE("Closed signal file descriptor %d", handler->sigfd);
diff --git a/src/lxc/tools/lxc_execute.c b/src/lxc/tools/lxc_execute.c
index 98f846fc2..3348d7c1c 100644
--- a/src/lxc/tools/lxc_execute.c
+++ b/src/lxc/tools/lxc_execute.c
@@ -21,24 +21,26 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 */
 #define _GNU_SOURCE
-#include
-#include
 #include
 #include
+#include
+#include
 #include
 #include
-#include
-#include
-#include
 #include
+#include
+#include
+#include
+
+#include
-#include "caps.h"
-#include "lxc.h"
-#include "log.h"
-#include "conf.h"
-#include "confile.h"
 #include "arguments.h"
+#include "caps.h"
+#include "conf.h"
 #include "config.h"
+#include "confile.h"
+#include "log.h"
+#include "lxc.h"
 #include "start.h"
 #include "utils.h"
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index a20e4b715..0b8841630 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -2415,12 +2415,8 @@ int parse_byte_size_string(const char *s, int64_t *converted)
 if (suffix_len > 0 && (end - 2) == dup && !isdigit(*(end - 2)))
 return -EINVAL;
- if (suffix_len > 0 && isalpha(*(end - 2))) {
- if (suffix_len == 1)
- suffix_len++;
- else
- return -EINVAL;
- }
+ if (suffix_len > 0 && isalpha(*(end - 2)))
+ suffix_len++;
 if (suffix_len > 0) {
 memcpy(suffix, end - suffix_len, suffix_len);
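Review bot: With `out_mainloop` moved below `out_mainloop_console` in lxc_poll, a jump to `out_mainloop` no longer runs the console cleanup, whereas before it fell through into it. The hunk converts the one visible `goto out_mainloop`, but lxc_poll begins above the hunk. Any earlier `goto out_mainloop` taken after `descr_console` was opened would now skip `lxc_mainloop_close(&descr_console)`, so the remaining jumps should be checked. A comment above the labels, e.g. `/* labels fall through: console mainloop, then mainloop, then signal fd */`, would make the ordering explicit for the next change.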
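Review bot: After this change nothing in the parse_byte_size_string hunk bounds `suffix_len` before `memcpy(suffix, end - suffix_len, suffix_len)`; the removed `else return -EINVAL;` was the only visible check rejecting a value other than 1 before the increment. The simplification is safe only if the code above the hunk never sets `suffix_len` higher than 1 and `suffix` has room for two bytes plus a terminator, and neither is visible here. Either state that invariant at the increment, `/* suffix_len is 0 or 1 here, so at most 2 bytes are copied into suffix */`, or keep a cheap guard before the copy such as `if ((size_t)suffix_len >= sizeof(suffix)) return -EINVAL;` (assuming `suffix` is a local array). The function continues past the end of the hunk.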