CGroup namespaces support

I run Ubuntu with kernel 4.10 that supports CGroup namespaces. Is it possible to run a non-privileged Docker container that creates its own CGroup namespace and mounts its CGroup directories under /sys/fs/cgroup read write just like privileged containers do?
Currently, if I run a non-privileged container I still see the system wide cgroup read-only. If I run a privileged container, it works as expected, however I would like to use a non-privileged container.

Thank you in advance!