The problem is lxc has to watch the jail's utmp file to guess when it wants to halt, because Linux kernels before version 3.4 does not provide any function to reboot or halt a container from inside. It has leaded to a dirty hack in lxc-utils that failed now.
First problem is the overlaid /run; the Wheezy initscript mounts a tmpfs in /run and (re)creates utmp file there but lxc-utils won't notice it. This could be fixed several ways: 1. do not give permission for the container to mount file systems, drop sys_admin capability 2. mount tmpfs in /run from the container's lxc config before the container mounts it Second problem is the absolute symlink in /var/run; lxc-utils does not expect absolute symlink there so it will watch the host's utmp file for changes that pretty useless. You cannot replace this absolute link in a Wheezy container, the initscript will restore that on next boot. A trivial solution to patch lxc-utils to prefer /run over /var/run for utmp watching, see my attachment. Yes, my patch just an another hack, but not worth much effort to properly fix it, because the next Debian-stable will get rid of this utmp-hack as the kernel will support reboot() in process namespaces..
prefer_run_for_utmp_watching.diff
Description: Binary data