diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index e0932ea18f..6219c256dc 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -3038,6 +3038,12 @@ lxcDomainAttachDeviceDiskLive(virLXCDriverPtr driver,
         goto cleanup;
     }
 
+    if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
+        virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+                       _("devices cgroup isn't mounted"));
+        goto cleanup;
+    }
+
     if (def->type != VIR_DOMAIN_DISK_TYPE_BLOCK) {
         virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                        _("Can't setup disk for non-block device"));
@@ -3105,12 +3111,6 @@ lxcDomainAttachDeviceDiskLive(virLXCDriverPtr driver,
                                         vm->def, def) < 0)
         goto cleanup;
 
-    if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
-        virReportError(VIR_ERR_OPERATION_INVALID, "%s",
-                       _("devices cgroup isn't mounted"));
-        goto cleanup;
-    }
-
     if (virCgroupAllowDevicePath(priv->cgroup, def->src,
                                  (def->readonly ?
                                   VIR_CGROUP_DEVICE_READ :
@@ -3307,12 +3307,6 @@ lxcDomainAttachDeviceHostdevSubsysUSBLive(virLXCDriverPtr driver,
                     def->source.subsys.u.usb.device) < 0)
         goto cleanup;
 
-    if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
-        virReportError(VIR_ERR_OPERATION_INVALID, "%s",
-                       _("devices cgroup isn't mounted"));
-        goto cleanup;
-    }
-
     if (!(usb = virUSBDeviceNew(def->source.subsys.u.usb.bus,
                                 def->source.subsys.u.usb.device, vroot)))
         goto cleanup;
@@ -3460,12 +3454,6 @@ lxcDomainAttachDeviceHostdevStorageLive(virLXCDriverPtr driver,
                                           vm->def, def, vroot) < 0)
         goto cleanup;
 
-    if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
-        virReportError(VIR_ERR_OPERATION_INVALID, "%s",
-                       _("devices cgroup isn't mounted"));
-        goto cleanup;
-    }
-
     if (virCgroupAllowDevicePath(priv->cgroup, def->source.caps.u.storage.block,
                                  VIR_CGROUP_DEVICE_RW |
                                  VIR_CGROUP_DEVICE_MKNOD) != 0) {
@@ -3568,12 +3556,6 @@ lxcDomainAttachDeviceHostdevMiscLive(virLXCDriverPtr driver,
                                           vm->def, def, vroot) < 0)
         goto cleanup;
 
-    if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
-        virReportError(VIR_ERR_OPERATION_INVALID, "%s",
-                       _("devices cgroup isn't mounted"));
-        goto cleanup;
-    }
-
     if (virCgroupAllowDevicePath(priv->cgroup, def->source.caps.u.misc.chardev,
                                  VIR_CGROUP_DEVICE_RW |
                                  VIR_CGROUP_DEVICE_MKNOD) != 0) {
@@ -3649,6 +3631,12 @@ lxcDomainAttachDeviceHostdevLive(virLXCDriverPtr driver,
         return -1;
     }
 
+    if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
+        virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+                       _("devices cgroup isn't mounted"));
+        return -1;
+    }
+
     switch (dev->data.hostdev->mode) {
     case VIR_DOMAIN_HOSTDEV_MODE_SUBSYS:
         return lxcDomainAttachDeviceHostdevSubsysLive(driver, vm, dev);