diff --git a/contrib/check-config.sh b/contrib/check-config.sh
index 3d82118c9b..849dc32d22 100755
--- a/contrib/check-config.sh
+++ b/contrib/check-config.sh
@@ -155,18 +155,22 @@ echo
 echo 'Generally Necessary:'
 
 echo -n '- '
-cgroupSubsystemDir="$(awk '/[, ](cpu|cpuacct|cpuset|devices|freezer|memory)[, ]/ && $3 == "cgroup" { print $2 }' /proc/mounts | head -n1)"
-cgroupDir="$(dirname "$cgroupSubsystemDir")"
-if [ -d "$cgroupDir/cpu" ] || [ -d "$cgroupDir/cpuacct" ] || [ -d "$cgroupDir/cpuset" ] || [ -d "$cgroupDir/devices" ] || [ -d "$cgroupDir/freezer" ] || [ -d "$cgroupDir/memory" ]; then
-	echo "$(wrap_good 'cgroup hierarchy' 'properly mounted') [$cgroupDir]"
+if [ "$(stat -f -c %t /sys/fs/cgroup 2> /dev/null)" = '63677270' ]; then
+	echo "$(wrap_good 'cgroup hierarchy' 'cgroupv2')"
 else
-	if [ "$cgroupSubsystemDir" ]; then
-		echo "$(wrap_bad 'cgroup hierarchy' 'single mountpoint!') [$cgroupSubsystemDir]"
+	cgroupSubsystemDir="$(awk '/[, ](cpu|cpuacct|cpuset|devices|freezer|memory)[, ]/ && $3 == "cgroup" { print $2 }' /proc/mounts | head -n1)"
+	cgroupDir="$(dirname "$cgroupSubsystemDir")"
+	if [ -d "$cgroupDir/cpu" ] || [ -d "$cgroupDir/cpuacct" ] || [ -d "$cgroupDir/cpuset" ] || [ -d "$cgroupDir/devices" ] || [ -d "$cgroupDir/freezer" ] || [ -d "$cgroupDir/memory" ]; then
+		echo "$(wrap_good 'cgroup hierarchy' 'properly mounted') [$cgroupDir]"
 	else
-		wrap_bad 'cgroup hierarchy' 'nonexistent??'
+		if [ "$cgroupSubsystemDir" ]; then
+			echo "$(wrap_bad 'cgroup hierarchy' 'single mountpoint!') [$cgroupSubsystemDir]"
+		else
+			wrap_bad 'cgroup hierarchy' 'nonexistent??'
+		fi
+		EXITCODE=1
+		echo "    $(wrap_color '(see https://github.com/tianon/cgroupfs-mount)' yellow)"
 	fi
-	EXITCODE=1
-	echo "    $(wrap_color '(see https://github.com/tianon/cgroupfs-mount)' yellow)"
 fi
 
 if [ "$(cat /sys/module/apparmor/parameters/enabled 2> /dev/null)" = 'Y' ]; then
@@ -192,9 +196,9 @@ flags=(
 	CGROUPS CGROUP_CPUACCT CGROUP_DEVICE CGROUP_FREEZER CGROUP_SCHED CPUSETS MEMCG
 	KEYS
 	VETH BRIDGE BRIDGE_NETFILTER
-	NF_NAT_IPV4 IP_NF_FILTER IP_NF_TARGET_MASQUERADE
+	IP_NF_FILTER IP_NF_TARGET_MASQUERADE
 	NETFILTER_XT_MATCH_{ADDRTYPE,CONNTRACK,IPVS}
-	IP_NF_NAT NF_NAT NF_NAT_NEEDED
+	IP_NF_NAT NF_NAT
 
 	# required for bind-mounting /dev/mqueue into containers
 	POSIX_MQUEUE
@@ -204,6 +208,14 @@ if [ "$kernelMajor" -lt 4 ] || ([ "$kernelMajor" -eq 4 ] && [ "$kernelMinor" -lt
 	check_flags DEVPTS_MULTIPLE_INSTANCES
 fi
 
+if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 1 ]; then
+	check_flags NF_NAT_IPV4
+fi
+
+if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 2 ]; then
+	check_flags NF_NAT_NEEDED
+fi
+
 echo
 
 echo 'Optional Features:'
@@ -218,13 +230,21 @@ echo 'Optional Features:'
 	check_flags CGROUP_PIDS
 }
 {
-	CODE=${EXITCODE}
-	check_flags MEMCG_SWAP MEMCG_SWAP_ENABLED
-	if [ -e /sys/fs/cgroup/memory/memory.memsw.limit_in_bytes ]; then
+	check_flags MEMCG_SWAP
+	# Kernel v5.8+ removes MEMCG_SWAP_ENABLED.
+	if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 8 ]; then
+		CODE=${EXITCODE}
+		check_flags MEMCG_SWAP_ENABLED
+		# FIXME this check is cgroupv1-specific
+		if [ -e /sys/fs/cgroup/memory/memory.memsw.limit_in_bytes ]; then
+			echo "    $(wrap_color '(cgroup swap accounting is currently enabled)' bold black)"
+			EXITCODE=${CODE}
+		elif is_set MEMCG_SWAP && ! is_set MEMCG_SWAP_ENABLED; then
+			echo "    $(wrap_color '(cgroup swap accounting is currently not enabled, you can enable it by setting boot option "swapaccount=1")' bold black)"
+		fi
+	else
+		# Kernel v5.8+ enables swap accounting by default.
 		echo "    $(wrap_color '(cgroup swap accounting is currently enabled)' bold black)"
-		EXITCODE=${CODE}
-	elif is_set MEMCG_SWAP && ! is_set MEMCG_SWAP_ENABLED; then
-		echo "    $(wrap_color '(cgroup swap accounting is currently not enabled, you can enable it by setting boot option "swapaccount=1")' bold black)"
 	fi
 }
 {
@@ -263,8 +283,12 @@ else
 	netprio=CGROUP_NET_PRIO
 fi
 
+if [ "$kernelMajor" -lt 5 ]; then
+	check_flags IOSCHED_CFQ CFQ_GROUP_IOSCHED
+fi
+
 flags=(
-	BLK_CGROUP BLK_DEV_THROTTLING IOSCHED_CFQ CFQ_GROUP_IOSCHED
+	BLK_CGROUP BLK_DEV_THROTTLING
 	CGROUP_PERF
 	CGROUP_HUGETLB
 	NET_CLS_CGROUP $netprio
@@ -299,7 +323,10 @@ echo "  - \"$(wrap_color 'overlay' blue)\":"
 check_flags VXLAN BRIDGE_VLAN_FILTERING | sed 's/^/    /'
 echo '      Optional (for encrypted networks):'
 check_flags CRYPTO CRYPTO_AEAD CRYPTO_GCM CRYPTO_SEQIV CRYPTO_GHASH \
-	XFRM XFRM_USER XFRM_ALGO INET_ESP INET_XFRM_MODE_TRANSPORT | sed 's/^/      /'
+	XFRM XFRM_USER XFRM_ALGO INET_ESP | sed 's/^/      /'
+if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 3 ]; then
+	check_flags INET_XFRM_MODE_TRANSPORT | sed 's/^/      /'
+fi
 echo "  - \"$(wrap_color 'ipvlan' blue)\":"
 check_flags IPVLAN | sed 's/^/    /'
 echo "  - \"$(wrap_color 'macvlan' blue)\":"