diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 632dde310..1e30c0ce8 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -3509,6 +3509,7 @@ int ttys_shift_ids(struct lxc_conf *c)
 return 0;
 }
 
+/* NOTE: not to be called from inside the container namespace! */
 int tmp_proc_mount(struct lxc_conf *lxc_conf)
 {
 int mounted;
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 4e96a5082..0bc7a2045 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1704,6 +1704,8 @@ int safe_mount(const char *src, const char *dest, const char *fstype,
 *
 * Returns < 0 on failure, 0 if the correct proc was already mounted
 * and 1 if a new proc was mounted.
+ *
+ * NOTE: not to be called from inside the container namespace!
 */
 int mount_proc_if_needed(const char *rootfs)
 {
@@ -1737,8 +1739,14 @@ int mount_proc_if_needed(const char *rootfs)
 return 0;
 
 domount:
- if (safe_mount("proc", path, "proc", 0, NULL, rootfs) < 0)
+ if (!strcmp(rootfs,"")) /* rootfs is NULL */
+ ret = mount("proc", path, "proc", 0, NULL);
+ else
+ ret = safe_mount("proc", path, "proc", 0, NULL, rootfs);
+
+ if (ret < 0)
 return -1;
+
 INFO("Mounted /proc in container for security transition");
 return 1;
 }
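Review bot: The NOTE added above tmp_proc_mount() states a calling constraint without giving its reason, and the same sentence is repeated in the mount_proc_if_needed() docblock in src/lxc/utils.c. A maintainer cannot tell from it what goes wrong when the rule is broken; if the reason is that the rootfs-less branch in utils.c now calls mount() directly instead of safe_mount(), the comment should say so, for example `/* NOTE: must not run inside the container namespace: with an empty rootfs, proc is mounted without safe_mount()'s destination checks. */`. Nothing visible in either hunk enforces the constraint, so the comment is the only guard and deserves the extra sentence. The body of tmp_proc_mount() continues outside the hunk.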
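Review bot: The comment `/* rootfs is NULL */` on the new `strcmp(rootfs,"")` test in mount_proc_if_needed() does not match the code, which tests for an empty string; a NULL rootfs would be undefined behaviour inside strcmp() rather than taking this branch. I would write `if (rootfs[0] == '\0') /* empty rootfs: container has no rootfs */`, and add a NULL guard only if NULL can actually reach this function (its earlier body is outside the hunk). The branch also calls mount() directly, so whatever destination checking safe_mount() performs is skipped for `path`; a short comment recording why that is acceptable here, presumably because `path` is not under container control when there is no rootfs, would help the next reviewer. `ret` is assumed to be declared earlier in the function, outside the hunk.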