I'm trying to run a HashiCorp Nomad agent inside a CT that should spawn tasks using its `exec` driver. See: https://www.nomadproject.io/docs/drivers/exec
Essentially it will isolate the process using chroot/cgroups.
This however fails in my container.
I get 2 errors
1) The cpuset management controller seems not to be available. I'm not very familiar with lxc low-level internals.
```
ll /sys/fs/cgroup/nomad.slice/cpuset.cpus.effective
ls: cannot access '/sys/fs/cgroup/nomad.slice/cpuset.cpus.effective': No such file or directory
```
Seems to be a symptom of this.
More tech details in this GitHub issue: https://github.com/hashicorp/nomad/issues/14797
2) I'm missing the bridge kernel module
```
| 3 errors occurred:
| * module bridge not in /proc/modules
| * failed to open /lib/modules/5.15.60-1-pve/modules.builtin: open /lib/modules/5.15.60-1-pve/modules.builtin: no such file or directory
| * failed to open /lib/modules/5.15.60-1-pve/modules.dep: open /lib/modules/5.15.60-1-pve/modules.dep: no such file or directory
|
```
Is there a way to get `/lib/modules` available in the container?
Happy to provide more details to figure this out.
I have tried in a privileged and unprivileged container but the result seems to be the same.
Update: I tried the same setup inside a VM and not a container. I get the same result. Initially I thought this is because of the nesting with cgroups but now I'm not sure.
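
Added example, not part of the original post: a shell check that narrows down each of the two failures described above, assuming a cgroup v2 unified hierarchy mounted at `/sys/fs/cgroup`. The function names and status strings are made up for this example; the paths are the ones quoted in the post.

```shell
#!/bin/sh
# Diagnostic sketch (added example). Function names and status strings are
# hypothetical; only the file paths come from the post.

# has_word FILE WORD: succeeds if WORD is a space-separated token in FILE.
has_word() {
    [ -r "$1" ] && tr ' ' '\n' < "$1" | grep -qxF "$2"
}

# cpuset_status CGROUP_ROOT SLICE
# Prints where the cpuset controller stops being visible:
#   no-cgroup2     CGROUP_ROOT is not a cgroup v2 directory
#   not-available  cpuset was not handed down to CGROUP_ROOT by its parent
#   not-delegated  cpuset is available but not enabled for child cgroups
#   slice-missing  cpuset is enabled for children, SLICE has no cpuset files
#   ok             SLICE/cpuset.cpus.effective exists
cpuset_status() {
    root=$1; slice=$2
    [ -f "$root/cgroup.controllers" ] || { echo no-cgroup2; return; }
    has_word "$root/cgroup.controllers" cpuset || { echo not-available; return; }
    has_word "$root/cgroup.subtree_control" cpuset || { echo not-delegated; return; }
    [ -e "$root/$slice/cpuset.cpus.effective" ] && echo ok || echo slice-missing
}

# bridge_status PROC_MODULES MODULES_DIR
# Prints how the running kernel provides the bridge driver:
#   loaded        listed in PROC_MODULES
#   builtin       compiled into the kernel per MODULES_DIR/modules.builtin
#   unverifiable  not loaded, and MODULES_DIR/modules.builtin is unreadable
#   not-loaded    not loaded and not built in
bridge_status() {
    grep -q '^bridge ' "$1" 2>/dev/null && { echo loaded; return; }
    [ -r "$2/modules.builtin" ] || { echo unverifiable; return; }
    grep -q '/bridge\.ko' "$2/modules.builtin" && echo builtin || echo not-loaded
}

# Report on the live system, using the paths quoted in the post.
echo "cpuset: $(cpuset_status /sys/fs/cgroup nomad.slice)"
echo "bridge: $(bridge_status /proc/modules "/lib/modules/$(uname -r)")"
```

Run it inside the container or VM where the Nomad agent runs. `unverifiable` corresponds to the `modules.builtin` open errors shown above.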