Question about the delegation and being a privileged user or not. Snappy uses a setuid-root executable that writes to
/sys/fs/cgroup and then drops back to the user.
What we are being blocked on now, I think, is the ownership of
/sys/fs/cgroup (nobody) that differs from the regular permission outside of LXD (root).
Lastly is the root user inside the container an unprivileged user? Should it be able to bypass the
Snappy manages many cgroups, one per snap, dynamically as the corresponding applications are started. I’m not sure if I understand you correctly and if we can still do that.