diff --git a/CMakeLists.txt b/CMakeLists.txt
index d3ec71be..82c15ce0 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -124,6 +124,7 @@ endif()
option(DBUS_DISABLE_ASSERT "Disable assertion checking" OFF)
option(DBUS_ENABLE_STATS "enable bus daemon usage statistics" OFF)
+option(DBUS_ENABLE_CONTAINERS "enable restricted servers for app-containers" OFF)
option(ENABLE_TRADITIONAL_ACTIVATION "Enable traditional activation (without using systemd)" ON)
find_package(PkgConfig)
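Review bot: The new `DBUS_ENABLE_CONTAINERS` option is offered on every platform, but bus/containers.c in this same commit still carries `# error DBUS_ENABLE_CONTAINERS requires DBUS_UNIX`, so turning it on elsewhere only fails partway through compilation. A configure-time guard placed after the option would report this earlier and more clearly: `if(DBUS_ENABLE_CONTAINERS AND NOT UNIX)`, `message(FATAL_ERROR "DBUS_ENABLE_CONTAINERS requires a Unix platform")`, `endif()`. The help string says "app-containers" while the README.cmake entry says "app containers"; one spelling should be used for both.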
diff --git a/README.cmake b/README.cmake
index 03e5f27b..2cc4be93 100644
--- a/README.cmake
+++ b/README.cmake
@@ -149,6 +149,9 @@ ENABLE_QT_HELP:STRING=AUTO
// enable bus daemon usage statistics
DBUS_ENABLE_STATS:BOOL=OFF
+// enable restricted servers for app containers
+DBUS_ENABLE_CONTAINERS:BOOL=OFF
+
// build with systemd at_console support
ENABLE_SYSTEMD:STRING=AUTO
diff --git a/bus/containers.c b/bus/containers.c
index 816f3e1b..aa3116e4 100644
--- a/bus/containers.c
+++ b/bus/containers.c
@@ -29,8 +29,6 @@
#ifdef DBUS_ENABLE_CONTAINERS
-#error This feature is not ready for production use
-
#ifndef DBUS_UNIX
# error DBUS_ENABLE_CONTAINERS requires DBUS_UNIX
#endif
diff --git a/bus/driver.c b/bus/driver.c
index ebd98015..c6bff89d 100644
--- a/bus/driver.c
+++ b/bus/driver.c
@@ -1970,9 +1970,7 @@ bus_driver_fill_connection_credentials (DBusCredentials *credentials,
dbus_pid_t pid = DBUS_PID_UNSET;
const char *windows_sid = NULL;
const char *linux_security_label = NULL;
-#ifdef DBUS_ENABLE_CONTAINERS
const char *path;
-#endif
#ifdef HAVE_UNIX_FD_PASSING
int pid_fd = -1; /* owned by credentials */
#endif
@@ -2033,7 +2031,6 @@ bus_driver_fill_connection_credentials (DBusCredentials *credentials,
return FALSE;
}
-#ifdef DBUS_ENABLE_CONTAINERS
/* This has to come from the connection, not the credentials */
if (peer_conn != NULL &&
bus_containers_connection_is_contained (peer_conn, &path, NULL, NULL))
@@ -2043,7 +2040,6 @@ bus_driver_fill_connection_credentials (DBusCredentials *credentials,
path))
return FALSE;
}
-#endif
#ifdef HAVE_UNIX_FD_PASSING
if (caller_conn != NULL && pid_fd >= 0 &&
diff --git a/bus/session.conf.in b/bus/session.conf.in
index affa7f1d..ace073c9 100644
--- a/bus/session.conf.in
+++ b/bus/session.conf.in
@@ -76,5 +76,11 @@
50000
50000
50000
+ 10000
+ 10000
+ 1000000000
+
+ 16
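Review bot: The third added value, 1000000000, sits where the man-page hunk in this commit lists `max_container_metadata_bytes`, which would allow about 1 GB of stored metadata per app-container in the dbus-daemon. The element names are not visible in this view, so that mapping is inferred from order only. Together with the two 10000 values (apparently `max_containers` and `max_containers_per_user`), this leaves the daemon's memory use for container metadata effectively unbounded on the session bus. If that is deliberate, to match the other large session-bus limits, a short XML comment beside the value should say so; otherwise a smaller default is the safer starting point for a feature that serves less-trusted clients. The same three values are added to test/data/valid-config-files/tmp-session.conf.in.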
diff --git a/bus/system.conf.in b/bus/system.conf.in
index d2f3244b..7c79a1ae 100644
--- a/bus/system.conf.in
+++ b/bus/system.conf.in
@@ -126,6 +126,10 @@
+
+
+
+
diff --git a/cmake/config.h.cmake b/cmake/config.h.cmake
index 1cf57286..0575fc75 100644
--- a/cmake/config.h.cmake
+++ b/cmake/config.h.cmake
@@ -41,6 +41,7 @@
#cmakedefine DBUS_RUNSTATEDIR "@DBUS_RUNSTATEDIR@"
#cmakedefine DBUS_ENABLE_STATS
+#cmakedefine DBUS_ENABLE_CONTAINERS
#cmakedefine ENABLE_TRADITIONAL_ACTIVATION
#define TEST_LISTEN "@TEST_LISTEN@"
diff --git a/dbus/dbus-shared.h b/dbus/dbus-shared.h
index 87c0bd84..59b33e94 100644
--- a/dbus/dbus-shared.h
+++ b/dbus/dbus-shared.h
@@ -88,6 +88,8 @@ typedef enum
*/
/** The interface exported by the object with #DBUS_SERVICE_DBUS and #DBUS_PATH_DBUS */
#define DBUS_INTERFACE_DBUS "org.freedesktop.DBus"
+/** The restricted container interface exported by the dbus-daemon */
+#define DBUS_INTERFACE_CONTAINERS1 "org.freedesktop.DBus.Containers1"
/** The monitoring interface exported by the dbus-daemon */
#define DBUS_INTERFACE_MONITORING "org.freedesktop.DBus.Monitoring"
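Review bot: `DBUS_INTERFACE_CONTAINERS1` is added to a public header unconditionally, while the feature itself is a build option that defaults to OFF in this commit, and the doc comment does not say so. A client that sees the macro may assume every dbus-daemon exports the interface. I would extend the comment along the lines of `/** The interface for restricted servers for app-containers; only exported by a dbus-daemon built with DBUS_ENABLE_CONTAINERS */` so callers know to handle its absence.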
diff --git a/doc/dbus-daemon.1.xml.in b/doc/dbus-daemon.1.xml.in
index ae9b5aa3..e3ce49b0 100644
--- a/doc/dbus-daemon.1.xml.in
+++ b/doc/dbus-daemon.1.xml.in
@@ -840,6 +840,14 @@ Available limit names are:
(number of calls-in-progress)
"reply_timeout" : milliseconds (thousandths)
until a method call times out
+ "max_containers" : max number of restricted servers for use
+ in app-containers, in total
+ "max_containers_per_user" : max number of app-containers per Unix uid
+ "max_container_metadata_bytes": max number of bytes of metadata to store
+ for each app-container
+ "max_connections_per_container": max number of (authenticated or
+ unauthenticated) connections to each
+ app-container
diff --git a/test/containers.c b/test/containers.c
index 79636460..f5bf5407 100644
--- a/test/containers.c
+++ b/test/containers.c
@@ -47,8 +47,6 @@
#include "test-utils-glib.h"
-#define DBUS_INTERFACE_CONTAINERS1 "org.freedesktop.DBus.Containers1"
-
typedef struct {
TestMainContext *ctx;
gboolean skip;
diff --git a/test/data/valid-config-files/limit-containers.conf.in b/test/data/valid-config-files/limit-containers.conf.in
index 44dd3979..3cc3bb05 100644
--- a/test/data/valid-config-files/limit-containers.conf.in
+++ b/test/data/valid-config-files/limit-containers.conf.in
@@ -13,4 +13,9 @@
+
+ 5
+ 3
+ 4096
+ 3
diff --git a/test/data/valid-config-files/tmp-session.conf.in b/test/data/valid-config-files/tmp-session.conf.in
index d1effae1..502619dd 100644
--- a/test/data/valid-config-files/tmp-session.conf.in
+++ b/test/data/valid-config-files/tmp-session.conf.in
@@ -57,4 +57,11 @@
50000
50000
50000
+ 10000
+ 10000
+ 1000000000
+
+ 16
+
diff --git a/test/dbus-daemon.c b/test/dbus-daemon.c
index 1288fe0c..772fac5f 100644
--- a/test/dbus-daemon.c
+++ b/test/dbus-daemon.c
@@ -637,6 +637,10 @@ test_creds (Fixture *f,
g_assert_not_reached ();
#endif
}
+ else if (g_str_has_prefix (name, DBUS_INTERFACE_CONTAINERS1 "."))
+ {
+ g_assert_not_reached ();
+ }
dbus_message_iter_next (&arr_iter);
}
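Review bot: The added `else if` branch aborts with a bare `g_assert_not_reached ()`, so a failure will not show which credential key was unexpectedly returned or why none is expected. A one-line comment such as `/* This connection is not in a container, so no Containers1.* keys may appear */` would record the intent. Replacing the assertion with `g_error ("unexpected container credential: %s", name);` would also put the offending key in the test log. The surrounding loop in test_creds starts and continues outside this hunk.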