I am implementing a simple virtualization using cgroups v2. I was able to make a non-root user mount the filesystem in it’s sandbox via namespaces and mapping UID/GID to root via Clone syscall, but I can’t make this user to create/manipulate cgroups even within it’s own group, even of it’s own processes.
Is it supported? Is it possible that non-root user sets cgroup limits to it’s own processes without sudo? Is there a code snippet I could look at?