diff --git a/namespaces/execin.go b/namespaces/execin.go
index 7ce82c81..ddff5c3a 100644
--- a/namespaces/execin.go
+++ b/namespaces/execin.go
@@ -73,6 +73,11 @@ func ExecIn(container *libcontainer.Config, state *libcontainer.State, userArgs
 		return terminate(err)
 	}
 
+	// finish cgroups' setup, unblock the child process.
+	if _, err := parent.WriteString("1"); err != nil {
+		return terminate(err)
+	}
+
 	if err := json.NewEncoder(parent).Encode(container); err != nil {
 		return terminate(err)
 	}
diff --git a/namespaces/nsenter/nsenter.c b/namespaces/nsenter/nsenter.c
index 9782702d..1666eff8 100644
--- a/namespaces/nsenter/nsenter.c
+++ b/namespaces/nsenter/nsenter.c
@@ -155,6 +155,12 @@ void nsenter()
 			exit(1);
 		}
 	}
+	// blocking until the parent placed the process inside correct cgroups.
+	unsigned char s;
+	if (read(3, &s, 1) != 1 || s != '1') {
+		pr_perror("failed to receive synchronization data from parent");
+		exit(1);
+	}
 	// Setns on all supported namespaces.
 	char ns_dir[PATH_MAX];
 	memset(ns_dir, 0, PATH_MAX);