diff --git a/components/packaging/common/dockerd.json b/components/packaging/common/dockerd.json
new file mode 100644
index 0000000000..e220755089
--- /dev/null
+++ b/components/packaging/common/dockerd.json
@@ -0,0 +1,11 @@
+{
+        "image": "${ENGINE_IMAGE}",
+        "namespace":"docker",
+        "args": [
+                "-s", "overlay",
+                "--containerd", "/run/containerd/containerd.sock",
+                "--default-runtime", "containerd",
+                "--add-runtime", "containerd=runc"
+        ],
+        "scope": "ce"
+}
diff --git a/components/packaging/containerd.mk b/components/packaging/containerd.mk
index 9871469030..f448a611e0 100644
--- a/components/packaging/containerd.mk
+++ b/components/packaging/containerd.mk
@@ -1,6 +1,6 @@
 # Common things for containerd functionality
 
-CONTAINERD_PROXY_COMMIT=3337fb47f10892318361b58c8483f19b1ffa8203
+CONTAINERD_PROXY_COMMIT=6615ae0be4014152533a83d44cdf9d3baa600d19
 CONTAINERD_SHIM_PROCESS_IMAGE=docker.io/docker/containerd-shim-process:a4d1531
 
 # If the docker-containerd.sock is available use that, else use the default containerd.sock
diff --git a/components/packaging/rpm/Makefile b/components/packaging/rpm/Makefile
index 203f43f214..58defa88c5 100644
--- a/components/packaging/rpm/Makefile
+++ b/components/packaging/rpm/Makefile
@@ -19,8 +19,8 @@ RPMBUILD_FLAGS=-ba\
 	--define '_origversion $(word 4, $(GEN_RPM_VER))' \
 	SPECS/docker-ce.spec SPECS/docker-ce-cli.spec
 
-SOURCE_TGZS=containerd-proxy.tgz cli.tgz containerd-shim-process.tar
-SOURCES=$(addprefix rpmbuild/SOURCES/, $(SOURCE_TGZS))
+SOURCE_FILES=containerd-proxy.tgz cli.tgz containerd-shim-process.tar docker.service dockerd.json
+SOURCES=$(addprefix rpmbuild/SOURCES/, $(SOURCE_FILES))
 
 .PHONY: help
 help: ## show make targets
@@ -29,7 +29,10 @@ help: ## show make targets
 .PHONY: clean
 clean: ## remove build artifacts
 	[ ! -d rpmbuild ] || $(CHOWN) -R $(shell id -u):$(shell id -g) rpmbuild
-	$(RM) -r rpmbuild
+	$(RM) -r rpmbuild/
+	[ ! -d artifacts ] || $(CHOWN) -R $(shell id -u):$(shell id -g) artifacts
+	$(RM) -r artifacts/
+	[ ! -d tmp ] || $(CHOWN) -R $(shell id -u):$(shell id -g) tmp
 	$(RM) -r tmp/
 
 .PHONY: rpm
@@ -89,3 +92,11 @@ rpmbuild/SOURCES/containerd-shim-process.tar:
 	mkdir -p $(@D)
 	cp artifacts/containerd-shim-process.tar $@
 	$(CHOWN) -R $(shell id -u):$(shell id -g) rpmbuild
+
+rpmbuild/SOURCES/docker.service: ../systemd/docker.service
+	mkdir -p $(@D)
+	cp $< $@
+
+rpmbuild/SOURCES/dockerd.json: ../common/dockerd.json
+	mkdir -p $(@D)
+	cp $< $@
diff --git a/components/packaging/rpm/SPECS/docker-ce.spec b/components/packaging/rpm/SPECS/docker-ce.spec
index fe51b992b6..5b851b8200 100644
--- a/components/packaging/rpm/SPECS/docker-ce.spec
+++ b/components/packaging/rpm/SPECS/docker-ce.spec
@@ -6,6 +6,7 @@ Release: %{_release}%{?dist}
 Epoch: 2
 Source0: containerd-proxy.tgz
 Source1: containerd-shim-process.tar
+Source2: docker.service
 Summary: The open-source application container engine
 Group: Tools/Docker
 License: ASL 2.0
@@ -14,10 +15,15 @@ Vendor: Docker
 Packager: Docker <support@docker.com>
 
 Requires: docker-ce-cli
+Requires: systemd-units
+Requires: iptables
 # Should be required as well by docker-ce-cli but let's just be thorough
 Requires: containerd.io
 
+BuildRequires: which
+BuildRequires: make
 BuildRequires: gcc
+BuildRequires: pkgconfig(systemd)
 
 # conflicting packages
 Conflicts: docker
@@ -49,20 +55,58 @@ depending on a particular stack or provider.
 mkdir -p /go/src/github.com/crosbymichael/
 ls %{_topdir}/BUILD/src
 ln -s %{_topdir}/BUILD/src/containerd-proxy /go/src/github.com/crosbymichael/containerd-proxy
-go build -v -o /build/dockerd github.com/crosbymichael/containerd-proxy
+pushd /go/src/github.com/crosbymichael/containerd-proxy
+make SCOPE_LABEL="com.docker/containerd-proxy.scope" ANY_SCOPE="ee" bin/containerd-proxy
+popd
 
 %install
-install -D -m 0755 /build/dockerd $RPM_BUILD_ROOT/%{_bindir}/dockerd
-# TODO: Use containerd-offline-installer to actually install this as ExecStartPre systemd step
+# Install containerd-proxy as dockerd
+install -D -m 0755 %{_topdir}/BUILD/src/containerd-proxy/bin/containerd-proxy $RPM_BUILD_ROOT/%{_bindir}/dockerd
 install -D -m 0644 %{_topdir}/SOURCES/containerd-shim-process.tar $RPM_BUILD_ROOT/%{_sharedstatedir}/containerd/containerd-shim-process.tar
+install -D -m 0644 %{_topdir}/SOURCES/docker.service $RPM_BUILD_ROOT/%{_unitdir}/docker.service
+install -D -m 0644 %{_topdir}/SOURCES/dockerd.json $RPM_BUILD_ROOT/etc/containerd-proxy/dockerd.json
 
 %files
 /%{_bindir}/dockerd
 /%{_sharedstatedir}/containerd/containerd-shim-process.tar
+/%{_unitdir}/docker.service
+/etc/containerd-proxy/dockerd.json
+
+%pre
+if [ $1 -gt 0 ] ; then
+    # package upgrade scenario, before new files are installed
+
+    # clear any old state
+    rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || :
+
+    # check if docker service is running
+    if systemctl is-active docker > /dev/null 2>&1; then
+        systemctl stop docker > /dev/null 2>&1 || :
+        touch %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || :
+    fi
+fi
 
 %post
+%systemd_post docker
 if ! getent group docker > /dev/null; then
     groupadd --system docker
 fi
 
+%preun
+%systemd_preun docker
+
+%postun
+%systemd_postun_with_restart docker
+
+%posttrans
+if [ $1 -ge 0 ] ; then
+    # package upgrade scenario, after new files are installed
+
+    # check if docker was running before upgrade
+    if [ -f %{_localstatedir}/lib/rpm-state/docker-is-active ]; then
+        systemctl start docker > /dev/null 2>&1 || :
+        rm -f %{_localstatedir}/lib/rpm-state/docker-is-active > /dev/null 2>&1 || :
+    fi
+fi
+
 %changelog
diff --git a/components/packaging/rpm/systemd/docker.service b/components/packaging/systemd/docker.service
similarity index 73%
rename from components/packaging/rpm/systemd/docker.service
rename to components/packaging/systemd/docker.service
index 6c60646b56..0e0265a8c0 100644
--- a/components/packaging/rpm/systemd/docker.service
+++ b/components/packaging/systemd/docker.service
@@ -1,14 +1,13 @@
 [Unit]
 Description=Docker Application Container Engine
 Documentation=https://docs.docker.com
-After=network-online.target firewalld.service
-Wants=network-online.target
+After=network-online.target firewalld.service containerd.service
+Wants=network-online.target containerd.service
 
 [Service]
 Type=notify
-# the default is not to use systemd for cgroups because the delegate issues still
-# exists and systemd currently does not support the cgroup feature set required
-# for containers run by docker
+# Install containerd-shim-process if it's not already installed
+ExecStartPre=/usr/libexec/containerd-offline-installer /var/lib/containerd/containerd-shim-process.tar docker.io/docker/containerd-shim-process
 ExecStart=/usr/bin/dockerd
 ExecReload=/bin/kill -s HUP $MAINPID
 # Having non-zero Limit*s causes performance problems due to accounting overhead