diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index a8ad33347a2f6fa74c71774625161daef7619c26..f93245a7fe6ee819ad3749fcbde3cd4d27090b19 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -3287,6 +3287,12 @@ lxcDomainAttachDeviceDiskLive(virLXCDriverPtr driver,
         goto cleanup;
     }
 
+    if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
+        virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+                       _("devices cgroup isn't mounted"));
+        goto cleanup;
+    }
+
     if (def->type != VIR_DOMAIN_DISK_TYPE_BLOCK) {
         virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                        _("Can't setup disk for non-block device"));
@@ -3354,12 +3360,6 @@ lxcDomainAttachDeviceDiskLive(virLXCDriverPtr driver,
                                         vm->def, def) < 0)
         goto cleanup;
 
-    if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
-        virReportError(VIR_ERR_OPERATION_INVALID, "%s",
-                       _("devices cgroup isn't mounted"));
-        goto cleanup;
-    }
-
     if (virCgroupAllowDevicePath(priv->cgroup, def->src,
                                  (def->readonly ?
                                   VIR_CGROUP_DEVICE_READ :
@@ -3566,12 +3566,6 @@ lxcDomainAttachDeviceHostdevSubsysUSBLive(virLXCDriverPtr driver,
         goto cleanup;
     }
 
-    if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
-        virReportError(VIR_ERR_OPERATION_INVALID, "%s",
-                       _("devices cgroup isn't mounted"));
-        goto cleanup;
-    }
-
     if (!(usb = virUSBDeviceNew(def->source.subsys.u.usb.bus,
                                 def->source.subsys.u.usb.device, vroot)))
         goto cleanup;
@@ -3721,12 +3715,6 @@ lxcDomainAttachDeviceHostdevStorageLive(virLXCDriverPtr driver,
                                           vm->def, def, vroot) < 0)
         goto cleanup;
 
-    if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
-        virReportError(VIR_ERR_OPERATION_INVALID, "%s",
-                       _("devices cgroup isn't mounted"));
-        goto cleanup;
-    }
-
     if (virCgroupAllowDevicePath(priv->cgroup, def->source.caps.u.storage.block,
                                  VIR_CGROUP_DEVICE_RW |
                                  VIR_CGROUP_DEVICE_MKNOD) != 0) {
@@ -3832,12 +3820,6 @@ lxcDomainAttachDeviceHostdevMiscLive(virLXCDriverPtr driver,
                                           vm->def, def, vroot) < 0)
         goto cleanup;
 
-    if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
-        virReportError(VIR_ERR_OPERATION_INVALID, "%s",
-                       _("devices cgroup isn't mounted"));
-        goto cleanup;
-    }
-
     if (virCgroupAllowDevicePath(priv->cgroup, def->source.caps.u.misc.chardev,
                                  VIR_CGROUP_DEVICE_RW |
                                  VIR_CGROUP_DEVICE_MKNOD) != 0) {
@@ -3913,6 +3895,12 @@ lxcDomainAttachDeviceHostdevLive(virLXCDriverPtr driver,
         return -1;
     }
 
+    if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
+        virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+                       _("devices cgroup isn't mounted"));
+        return -1;
+    }
+
     switch (dev->data.hostdev->mode) {
     case VIR_DOMAIN_HOSTDEV_MODE_SUBSYS:
         return lxcDomainAttachDeviceHostdevSubsysLive(driver, vm, dev);