diff --git a/server/container_create.go b/server/container_create.go
index cc7c5d45..ccae4101 100644
--- a/server/container_create.go
+++ b/server/container_create.go
@@ -323,6 +323,9 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
 		return nil, err
 	}
 
+	// Add cgroup mount so container process can introspect its own limits
+	specgen.AddCgroupsMount("ro")
+
 	if err := addDevices(sb, containerConfig, &specgen); err != nil {
 		return nil, err
 	}