Issue with openrc cgroup: permission denied

I am attempting to troubleshoot an issue I’m experiencing with lxd 3.18 + lxc 3.2.1 2019-12-11 snapshot that I did not experience with lxd 3.14/lxc-3.0.4. I am also testing apparmor so I figure that this could be related to apparmor.

In an unprivileged Funtoo container, starting or stopping a service results in the following message:
bugs-new ~ # /etc/init.d/fcron stop
mkdir: cannot create directory ‘/sys/fs/cgroup/openrc/fcron’: Permission denied

The service still starts and stops, but the openrc cgroup cannot be created. Investigating further, looking at permissions in /sys/fs/cgroup/openrc:

bugs-new ~ # ls -dl /sys/fs/cgroup/openrc
drwxr-xr-x 2 nobody nobody 0 Dec 23 21:02 /sys/fs/cgroup/openrc
bugs-new ~ # ls -l /sys/fs/cgroup/openrc
total 0
-rw-r–r-- 1 nobody nobody 0 Dec 23 21:15 cgroup.clone_children
-rw-r–r-- 1 nobody nobody 0 Dec 23 21:14 cgroup.procs
-rw-r–r-- 1 nobody nobody 0 Dec 23 21:02 notify_on_release
-rw-r–r-- 1 nobody nobody 0 Dec 23 21:02 tasks
bugs-new ~ #

Futher, I am unable to set ownership to root which is what they need to be.

With a prior version of lxd, things worked fine. And the openrc cgroup is owned by root. Also using a newer version of openrc in the new environment so possibly that is causing the issue? The mount options for the cgroup are the same, comparing old container and new container.

Not sure what is going on here.

It appears that openrc is doing the exact same thing in both cases, so for now I’ve ruled out a difference in openrc being a potential cause of this problem.