Why does libvirt mount /sys/fs/cgroup/* inside the container as rw?
We use kernel 3.10.0-693.2.2.el7.x86_64 and XFS, and therefore our
containers are privileged. Yes, we know that in such containers root
can use SysRq, at least to reboot the hardware node. But the problem with
cgroups can be more hidden and cryptic.
p.s.2
We still use libvirt-3.0.0, if it's important.