diff --git a/Godeps/Godeps.json b/Godeps/Godeps.json
index f9eacb96591..56d0cd88ad5 100644
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@@ -44,8 +44,8 @@
 		},
 		{
 			"ImportPath": "github.com/appc/spec/schema",
-			"Comment": "v0.6.1-30-gc928a0c",
-			"Rev": "c928a0c907c96034dfc0a69098b2179db5ae7e37"
+			"Comment": "v0.7.1",
+			"Rev": "818ac4d0073424f4e0a46f45abaa147ccc1b5a24"
 		},
 		{
 			"ImportPath": "github.com/aws/aws-sdk-go/aws",
diff --git a/Godeps/_workspace/src/github.com/appc/spec/schema/lastditch/doc.go b/Godeps/_workspace/src/github.com/appc/spec/schema/lastditch/doc.go
new file mode 100644
index 00000000000..9cc5734607d
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/appc/spec/schema/lastditch/doc.go
@@ -0,0 +1,28 @@
+// Copyright 2015 The appc Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package lastditch provides fallback redefinitions of parts of
+// schemas provided by schema package.
+//
+// Almost no validation of schemas is done (besides checking if data
+// really is `JSON`-encoded and kind is either `ImageManifest` or
+// `PodManifest`. This is to get as much data as possible from an
+// invalid manifest. The main aim of the package is to be used for the
+// better error reporting. The another aim might be to force some
+// operation (like removing a pod), which would otherwise fail because
+// of an invalid manifest.
+//
+// To avoid validation during deserialization, types provided by this
+// package use plain strings.
+package lastditch
diff --git a/Godeps/_workspace/src/github.com/appc/spec/schema/lastditch/image.go b/Godeps/_workspace/src/github.com/appc/spec/schema/lastditch/image.go
new file mode 100644
index 00000000000..dc5055a0564
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/appc/spec/schema/lastditch/image.go
@@ -0,0 +1,45 @@
+// Copyright 2015 The appc Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package lastditch
+
+import (
+	"encoding/json"
+
+	"github.com/appc/spec/schema"
+	"github.com/appc/spec/schema/types"
+)
+
+type ImageManifest struct {
+	ACVersion string `json:"acVersion"`
+	ACKind    string `json:"acKind"`
+	Name      string `json:"name"`
+	Labels    Labels `json:"labels,omitempty"`
+}
+
+// a type just to avoid a recursion during unmarshalling
+type imageManifest ImageManifest
+
+func (im *ImageManifest) UnmarshalJSON(data []byte) error {
+	i := imageManifest(*im)
+	err := json.Unmarshal(data, &i)
+	if err != nil {
+		return err
+	}
+	if i.ACKind != string(schema.ImageManifestKind) {
+		return types.InvalidACKindError(schema.ImageManifestKind)
+	}
+	*im = ImageManifest(i)
+	return nil
+}
diff --git a/Godeps/_workspace/src/github.com/appc/spec/schema/lastditch/labels.go b/Godeps/_workspace/src/github.com/appc/spec/schema/lastditch/labels.go
new file mode 100644
index 00000000000..5cf93a087c4
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/appc/spec/schema/lastditch/labels.go
@@ -0,0 +1,38 @@
+// Copyright 2015 The appc Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package lastditch
+
+import (
+	"encoding/json"
+)
+
+type Labels []Label
+
+// a type just to avoid a recursion during unmarshalling
+type labels Labels
+
+type Label struct {
+	Name  string `json:"name"`
+	Value string `json:"value"`
+}
+
+func (l *Labels) UnmarshalJSON(data []byte) error {
+	var jl labels
+	if err := json.Unmarshal(data, &jl); err != nil {
+		return err
+	}
+	*l = Labels(jl)
+	return nil
+}
diff --git a/Godeps/_workspace/src/github.com/appc/spec/schema/lastditch/pod.go b/Godeps/_workspace/src/github.com/appc/spec/schema/lastditch/pod.go
new file mode 100644
index 00000000000..2e9d8456bbd
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/appc/spec/schema/lastditch/pod.go
@@ -0,0 +1,57 @@
+// Copyright 2015 The appc Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package lastditch
+
+import (
+	"encoding/json"
+
+	"github.com/appc/spec/schema"
+	"github.com/appc/spec/schema/types"
+)
+
+type PodManifest struct {
+	ACVersion string  `json:"acVersion"`
+	ACKind    string  `json:"acKind"`
+	Apps      AppList `json:"apps"`
+}
+
+type AppList []RuntimeApp
+
+type RuntimeApp struct {
+	Name  string       `json:"name"`
+	Image RuntimeImage `json:"image"`
+}
+
+type RuntimeImage struct {
+	Name   string `json:"name"`
+	ID     string `json:"id"`
+	Labels Labels `json:"labels,omitempty"`
+}
+
+// a type just to avoid a recursion during unmarshalling
+type podManifest PodManifest
+
+func (pm *PodManifest) UnmarshalJSON(data []byte) error {
+	p := podManifest(*pm)
+	err := json.Unmarshal(data, &p)
+	if err != nil {
+		return err
+	}
+	if p.ACKind != string(schema.PodManifestKind) {
+		return types.InvalidACKindError(schema.PodManifestKind)
+	}
+	*pm = PodManifest(p)
+	return nil
+}
diff --git a/Godeps/_workspace/src/github.com/appc/spec/schema/pod.go b/Godeps/_workspace/src/github.com/appc/spec/schema/pod.go
index 9c1333b6fba..47e0340cd19 100644
--- a/Godeps/_workspace/src/github.com/appc/spec/schema/pod.go
+++ b/Godeps/_workspace/src/github.com/appc/spec/schema/pod.go
@@ -126,19 +126,19 @@ func (al AppList) Get(name types.ACName) *RuntimeApp {
 	return nil
 }
 
-// Mount describes the mapping between a volume and an apps
-// MountPoint that will be fulfilled at runtime.
+// Mount describes the mapping between a volume and the path it is mounted
+// inside of an app's filesystem.
 type Mount struct {
-	Volume     types.ACName `json:"volume"`
-	MountPoint types.ACName `json:"mountPoint"`
+	Volume types.ACName `json:"volume"`
+	Path   string       `json:"path"`
 }
 
 func (r Mount) assertValid() error {
 	if r.Volume.Empty() {
 		return errors.New("volume must be set")
 	}
-	if r.MountPoint.Empty() {
-		return errors.New("mountPoint must be set")
+	if r.Path == "" {
+		return errors.New("path must be set")
 	}
 	return nil
 }
diff --git a/Godeps/_workspace/src/github.com/appc/spec/schema/types/app.go b/Godeps/_workspace/src/github.com/appc/spec/schema/types/app.go
index 9f25a33cefe..363b6b5f5fc 100644
--- a/Godeps/_workspace/src/github.com/appc/spec/schema/types/app.go
+++ b/Godeps/_workspace/src/github.com/appc/spec/schema/types/app.go
@@ -22,15 +22,16 @@ import (
 )
 
 type App struct {
-	Exec             Exec           `json:"exec"`
-	EventHandlers    []EventHandler `json:"eventHandlers,omitempty"`
-	User             string         `json:"user"`
-	Group            string         `json:"group"`
-	WorkingDirectory string         `json:"workingDirectory,omitempty"`
-	Environment      Environment    `json:"environment,omitempty"`
-	MountPoints      []MountPoint   `json:"mountPoints,omitempty"`
-	Ports            []Port         `json:"ports,omitempty"`
-	Isolators        Isolators      `json:"isolators,omitempty"`
+	Exec              Exec           `json:"exec"`
+	EventHandlers     []EventHandler `json:"eventHandlers,omitempty"`
+	User              string         `json:"user"`
+	Group             string         `json:"group"`
+	SupplementaryGIDs []int          `json:"supplementaryGIDs,omitempty"`
+	WorkingDirectory  string         `json:"workingDirectory,omitempty"`
+	Environment       Environment    `json:"environment,omitempty"`
+	MountPoints       []MountPoint   `json:"mountPoints,omitempty"`
+	Ports             []Port         `json:"ports,omitempty"`
+	Isolators         Isolators      `json:"isolators,omitempty"`
 }
 
 // app is a model to facilitate extra validation during the
diff --git a/Godeps/_workspace/src/github.com/appc/spec/schema/types/semver.go b/Godeps/_workspace/src/github.com/appc/spec/schema/types/semver.go
index 151da37354b..0008181a5ec 100644
--- a/Godeps/_workspace/src/github.com/appc/spec/schema/types/semver.go
+++ b/Godeps/_workspace/src/github.com/appc/spec/schema/types/semver.go
@@ -44,6 +44,21 @@ func NewSemVer(s string) (*SemVer, error) {
 	return &v, nil
 }
 
+func (sv SemVer) LessThanMajor(versionB SemVer) bool {
+	majorA := semver.Version(sv).Major
+	majorB := semver.Version(versionB).Major
+	if majorA < majorB {
+		return true
+	}
+	return false
+}
+
+func (sv SemVer) LessThanExact(versionB SemVer) bool {
+	vA := semver.Version(sv)
+	vB := semver.Version(versionB)
+	return vA.LessThan(vB)
+}
+
 func (sv SemVer) String() string {
 	s := semver.Version(sv)
 	return s.String()
diff --git a/Godeps/_workspace/src/github.com/appc/spec/schema/version.go b/Godeps/_workspace/src/github.com/appc/spec/schema/version.go
index 412a63488d1..87ff7862d56 100644
--- a/Godeps/_workspace/src/github.com/appc/spec/schema/version.go
+++ b/Godeps/_workspace/src/github.com/appc/spec/schema/version.go
@@ -22,7 +22,7 @@ const (
 	// version represents the canonical version of the appc spec and tooling.
 	// For now, the schema and tooling is coupled with the spec itself, so
 	// this must be kept in sync with the VERSION file in the root of the repo.
-	version string = "0.6.1+git"
+	version string = "0.7.1"
 )
 
 var (
diff --git a/pkg/kubelet/rkt/rkt.go b/pkg/kubelet/rkt/rkt.go
index 1f8cf75fd4e..6d5e2ffd80a 100644
--- a/pkg/kubelet/rkt/rkt.go
+++ b/pkg/kubelet/rkt/rkt.go
@@ -52,8 +52,9 @@ import (
 )
 
 const (
-	acVersion             = "0.6.1"
-	rktMinimumVersion     = "0.8.1"
+	acVersion             = "0.7.1"
+	minimumRktVersion     = "0.9.0"
+	recommendRktVersion   = "0.9.0"
 	systemdMinimumVersion = "219"
 
 	systemdServiceDir = "/run/systemd/system"
@@ -155,13 +156,23 @@ func New(config *Config,
 	if err != nil {
 		return nil, err
 	}
-	result, err = version.Compare(rktMinimumVersion)
+	result, err = version.Compare(minimumRktVersion)
 	if err != nil {
 		return nil, err
 	}
 	if result < 0 {
-		return nil, fmt.Errorf("rkt: Version is too old, requires at least %v", rktMinimumVersion)
+		return nil, fmt.Errorf("rkt: version is too old, requires at least %v", minimumRktVersion)
 	}
+
+	result, err = version.Compare(recommendRktVersion)
+	if err != nil {
+		return nil, err
+	}
+	if result != 0 {
+		// TODO(yifan): Record an event to expose the information.
+		glog.Warningf("rkt: current version %q is not recommended (recommended version %q)", version, recommendRktVersion)
+	}
+
 	return rkt, nil
 }
 
@@ -581,9 +592,9 @@ func (r *Runtime) preparePod(pod *api.Pod, pullSecrets []api.Secret) (string, *k
 
 	var runPrepared string
 	if pod.Spec.SecurityContext != nil && pod.Spec.SecurityContext.HostNetwork {
-		runPrepared = fmt.Sprintf("%s run-prepared --mds-register=false %s", r.rktBinAbsPath, uuid)
+		runPrepared = fmt.Sprintf("%s run-prepared --mds-register=false --net=host %s", r.rktBinAbsPath, uuid)
 	} else {
-		runPrepared = fmt.Sprintf("%s run-prepared --mds-register=false --private-net %s", r.rktBinAbsPath, uuid)
+		runPrepared = fmt.Sprintf("%s run-prepared --mds-register=false %s", r.rktBinAbsPath, uuid)
 	}
 
 	// TODO handle pod.Spec.HostPID
@@ -1329,14 +1340,14 @@ func (r *Runtime) getImageByName(imageName string) (*kubecontainer.Image, error)
 
 // ListImages lists all the available appc images on the machine by invoking 'rkt image list'.
 func (r *Runtime) ListImages() ([]kubecontainer.Image, error) {
-	// Example output of 'rkt image list --fields=key,name':
+	// Example output of 'rkt image list --fields=id,name --full':
 	//
-	// KEY									        NAME
+	// ID									        NAME
 	// sha512-374770396f23dd153937cd66694fe705cf375bcec7da00cf87e1d9f72c192da7	nginx:latest
 	// sha512-bead9e0df8b1b4904d0c57ade2230e6d236e8473f62614a8bc6dcf11fc924123	coreos.com/rkt/stage1:0.8.1
 	//
 	// With '--no-legend=true' the fist line (KEY NAME) will be omitted.
-	output, err := r.runCommand("image", "list", "--no-legend=true", "--fields=key,name")
+	output, err := r.runCommand("image", "list", "--no-legend=true", "--fields=id,name", "--full")
 	if err != nil {
 		return nil, err
 	}