diff --git a/integration-cli/docker_cli_top_test.go b/integration-cli/docker_cli_top_test.go
index 73d590cf06..d75ec54217 100644
--- a/integration-cli/docker_cli_top_test.go
+++ b/integration-cli/docker_cli_top_test.go
@@ -7,7 +7,7 @@ import (
 "testing"
 )
-func TestTop(t *testing.T) {
+func TestTopNonPrivileged(t *testing.T) {
 runCmd := exec.Command(dockerBinary, "run", "-i", "-d", "busybox", "sleep", "20")
 out, _, err := runCommandWithOutput(runCmd)
 errorOut(err, t, fmt.Sprintf("failed to start the container: %v", err))
@@ -28,5 +28,29 @@ func TestTop(t *testing.T) {
 t.Fatal("top should've listed sleep 20 in the process list")
 }
- logDone("top - sleep process should be listed")
+ logDone("top - sleep process should be listed in non privileged mode")
+}
+
+func TestTopPrivileged(t *testing.T) {
+ runCmd := exec.Command(dockerBinary, "run", "--privileged", "-i", "-d", "busybox", "sleep", "20")
+ out, _, err := runCommandWithOutput(runCmd)
+ errorOut(err, t, fmt.Sprintf("failed to start the container: %v", err))
+
+ cleanedContainerID := stripTrailingCharacters(out)
+
+ topCmd := exec.Command(dockerBinary, "top", cleanedContainerID)
+ out, _, err = runCommandWithOutput(topCmd)
+ errorOut(err, t, fmt.Sprintf("failed to run top: %v %v", out, err))
+
+ killCmd := exec.Command(dockerBinary, "kill", cleanedContainerID)
+ _, err = runCommand(killCmd)
+ errorOut(err, t, fmt.Sprintf("failed to kill container: %v", err))
+
+ deleteContainer(cleanedContainerID)
+
+ if !strings.Contains(out, "sleep 20") {
+ t.Fatal("top should've listed sleep 20 in the process list")
+ }
+
+ logDone("top - sleep process should be listed in privileged mode")
 }
diff --git a/pkg/cgroups/apply_raw.go b/pkg/cgroups/apply_raw.go
index 220f08f1dc..f4fea133c5 100644
--- a/pkg/cgroups/apply_raw.go
+++ b/pkg/cgroups/apply_raw.go
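Review bot: TestTopPrivileged kills and deletes the `--privileged` container only on the straight-line path, so if `errorOut` aborts the test when `docker top` fails (its body is not in this diff, so that is assumed), the privileged container is left running on the test host. Register the cleanup right after `cleanedContainerID` is computed, for example a `defer` that runs the kill command and then `deleteContainer(cleanedContainerID)`. From the lines visible here the body also appears to be a copy of TestTopNonPrivileged apart from the `--privileged` argument; a shared helper taking the extra run arguments would keep the two tests from drifting.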
@@ -78,17 +78,17 @@ func (raw *rawCgroup) join(subsystem string, pid int) (string, error) {
 }
 func (raw *rawCgroup) setupDevices(c *Cgroup, pid int) (err error) {
- if !c.DeviceAccess {
- dir, err := raw.join("devices", pid)
+ dir, err := raw.join("devices", pid)
+ if err != nil {
+ return err
+ }
+ defer func() {
 if err != nil {
- return err
+ os.RemoveAll(dir)
 }
+ }()
- defer func() {
- if err != nil {
- os.RemoveAll(dir)
- }
- }()
+ if !c.DeviceAccess {
 if err := writeFile(dir, "devices.deny", "a"); err != nil {
 return err
@@ -132,16 +132,17 @@ func (raw *rawCgroup) setupDevices(c *Cgroup, pid int) (err error) {
 }
 func (raw *rawCgroup) setupMemory(c *Cgroup, pid int) (err error) {
- if c.Memory != 0 || c.MemorySwap != 0 {
- dir, err := raw.join("memory", pid)
+ dir, err := raw.join("memory", pid)
+ if err != nil && (c.Memory != 0 || c.MemorySwap != 0) {
+ return err
+ }
+ defer func() {
 if err != nil {
- return err
+ os.RemoveAll(dir)
 }
- defer func() {
- if err != nil {
- os.RemoveAll(dir)
- }
- }()
+ }()
+
+ if c.Memory != 0 || c.MemorySwap != 0 {
 if c.Memory != 0 {
 if err := writeFile(dir, "memory.limit_in_bytes", strconv.FormatInt(c.Memory, 10)); err != nil {
@@ -178,9 +179,10 @@ func (raw *rawCgroup) setupCpu(c *Cgroup, pid int) (err error) {
 }
 func (raw *rawCgroup) setupCpuset(c *Cgroup, pid int) (err error) {
+ // we don't want to join this cgroup unless it is specified
 if c.CpusetCpus != "" {
 dir, err := raw.join("cpuset", pid)
- if err != nil {
+ if err != nil && c.CpusetCpus != "" {
 return err
 }
 defer func() {
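Review bot: In setupDevices the join into the devices cgroup is now unconditional, but nothing in the code says why a container with `c.DeviceAccess` set should still be placed there; presumably it is so that `docker top` can find its processes, which is what the new privileged test exercises. Add a comment above the join such as `// always join the devices cgroup; only the deny/allow rules below depend on DeviceAccess`. Hoisting `dir, err := raw.join("devices", pid)` to the top level of the function also makes `err` the named result instead of a shadow inside the `if`, so the deferred `os.RemoveAll(dir)` now sees the error that is actually returned, and that deserves a short why-comment on the defer. The function body continues outside the hunk.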
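Review bot: In setupMemory a failed `raw.join("memory", pid)` is now dropped when both `c.Memory` and `c.MemorySwap` are zero, so the process can stay outside the memory cgroup without the caller learning of it. If that is deliberate (for instance a host where the memory subsystem is not mounted, which is an assumption since the diff does not say), state it in a comment such as `// joining is best-effort when no memory limit was requested`. On that path `err` still holds the join error, and whether the deferred `os.RemoveAll(dir)` then runs depends on how the function returns, which is outside the hunk. Clearing it with `err = nil` after the check would make the cleanup independent of that.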
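Review bot: In setupCpuset the added `&& c.CpusetCpus != ""` is always true, because the check sits inside the enclosing `if c.CpusetCpus != "" {`; a plain `if err != nil {` is equivalent. Unlike setupDevices and setupMemory in this commit, `dir, err := raw.join("cpuset", pid)` is still declared inside the `if` block, so it shadows the named result `err`. If the deferred function that opens on the hunk's last line tests `err` the way the other two do (its body is outside the hunk), it reads the shadow and the cleanup does not fire when a later write fails. Declaring `var dir string` and assigning with `dir, err = raw.join("cpuset", pid)` would make the defer observe the returned error.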