Currently, FEATURES=cgroup fails under systemd, as follows:

  File "_emerge/AbstractEbuildProcess.py", line 88, in _start
    os.mkdir(cgroup_portage, 0o755)
  File "portage/__init__.py", line 250, in __call__
    rval = self._func(*wrapped_args, **wrapped_kwargs)
OSError: [Errno 30] Read-only file system: b'/sys/fs/cgroup/portage'

It looks like we'll have to use systemd's APIs: https://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface/
In util-linux-2.32, unshare --pid --kill-child implements the desired behavior using a pid namespace, and there's no need for special interaction with systemd.
Maybe we can deprecate FEATURES=cgroup now that FEATURES=pid-sandbox is available. However, we've got bug 670714 which requests additional cgroup features.
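
The process-cleanup behaviour discussed in the comments above, as an added example that is not part of the original bug comments or Portage's code: a constructed "build step" leaves a background job behind, run once plainly and once under `unshare --pid --kill-child`. The function name `orphan_outcome`, the marker file and the step itself are assumptions made for illustration; it assumes util-linux 2.32 or later and either root or unprivileged user namespaces.

```shell
#!/bin/sh
# Added example, not Portage code. Constructed "build step": it leaves a
# background job behind and exits, the way a stray daemon from a build would.
# Assumes util-linux >= 2.32 and either root or unprivileged user namespaces.

# orphan_outcome MODE  (MODE = plain | pidns)
# Prints "survived" if the leftover job ran after its parent exited, "killed"
# if it never ran, "unsupported" if the PID namespace could not be created.
orphan_outcome() {
    dir=$(mktemp -d) || return 1
    marker="$dir/orphan-ran"
    step="(sleep 1; touch '$marker') >/dev/null 2>&1 & exit 0"
    outcome=
    case $1 in
        plain)
            sh -c "$step"
            ;;
        pidns)
            # Non-root callers need a user namespace to be allowed a PID one.
            if [ "$(id -u)" -eq 0 ]; then userns=; else userns="--user --map-root-user"; fi
            # sh becomes PID 1 of the new namespace; when it exits the kernel
            # kills everything left inside. --kill-child covers the other
            # direction: if unshare itself dies, the child gets SIGKILL.
            unshare $userns --pid --fork --kill-child sh -c "$step" 2>/dev/null \
                || outcome=unsupported
            ;;
        *)
            rm -rf "$dir"; return 2
            ;;
    esac
    if [ -z "$outcome" ]; then
        sleep 2   # give a surviving orphan time to touch the marker
        if [ -e "$marker" ]; then outcome=survived; else outcome=killed; fi
    fi
    rm -rf "$dir"
    echo "$outcome"
}

for mode in plain pidns; do
    echo "$mode: $(orphan_outcome "$mode")"
done
```

No cgroup filesystem is touched in either mode, so the read-only `/sys/fs/cgroup` mount under systemd does not come into play.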