Another daemon for managing control groups
Posted Dec 7, 2013 21:07 UTC (Sat) by hallyn (subscriber, #22558)
In reply to: Another daemon for managing control groups by Cyberax
Parent article: Another daemon for managing control groups
I can't, and agree with your position. We have two practical needs for the manager for lxc. First is that lxc itself not have to worry about nesting for children - it just wants containers to be under itself regardless of what its current cgroup is. Don't want that code in lxc. Second is user namespaces - you cannot make changes to devices cgroup settings if you are root in a child userns (need sys_admin targeted at init_user_ns), and a patch to allow this (which should be safe due to in-kernel hierarchical constraints) was rejected. The manager handles that for us.
Well, one danger is simply too-deep nesting of cgroups by unpriv users which could exhaust kmem. That and yours are all I know of.
