diff --git a/modules/common/appspawn_cgroup.c b/modules/common/appspawn_cgroup.c
index 754d626787747bd1a8a4659fd882b61c82faccaf..c53416933875192118c971c11c67f5e87ab1a611 100644
--- a/modules/common/appspawn_cgroup.c
+++ b/modules/common/appspawn_cgroup.c
@@ -29,6 +29,7 @@
 #include "appspawn_hook.h"
 #include "appspawn_manager.h"
 #include "appspawn_utils.h"
+#include "init_utils.h"
 #include "securec.h"
 #include "cJSON.h"
 #include
@@ -192,6 +193,31 @@ static int ProcessMgrRemoveApp(const AppSpawnMgr *content, const AppSpawnedProce
 return ret;
 }
 
+static int ChangeCgroupPathGid(const char *path)
+{
+ APPSPAWN_CHECK(path != NULL && *path != '\0', return -1, "Invalid path");
+ char buffer[PATH_MAX] = {0};
+ const char slash = '/';
+ const char *p = path;
+ char *curPos = strchr(path, slash);
+ while (curPos != NULL) {
+ int len = curPos - p;
+ p = curPos + 1;
+ if (len == 0) {
+ curPos = strchr(p, slash);
+ continue;
+ }
+ int ret = memcpy_s(buffer, PATH_MAX, path, p - path - 1);
+ APPSPAWN_CHECK(ret == 0, return ret, "Failed to memcpy_s path");
+ if (strcmp(buffer, "/dev") != 0 && strcmp(buffer, "/dev/pids") != 0) {
+ ret = chown(buffer, -1, DecodeGid("system"));
+ APPSPAWN_CHECK(ret == 0, return ret, "Failed to change cgroup path gid errno: %{public}d", errno);
+ }
+ curPos = strchr(p, slash);
+ }
+ return 0;
+}
+
 static int ProcessMgrAddApp(const AppSpawnMgr *content, const AppSpawnedProcessInfo *appInfo)
 {
 APPSPAWN_CHECK_ONLY_EXPER(content != NULL, return -1);
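Review bot: `DecodeGid("system")` is re-resolved on every iteration of the loop in `ChangeCgroupPathGid` and its result is never checked, so if the group cannot be resolved the call degrades silently — chown() treats a group of (gid_t)-1 as "leave unchanged" and returns 0, and DecodeGid appears to return exactly that on failure (verify against init_utils). Hoist it ahead of the loop, `gid_t gid = DecodeGid("system");` `APPSPAWN_CHECK(gid != (gid_t)-1, return -1, "Failed to decode gid for system");`, and call `ret = chown(buffer, -1, gid);`. The ancestors that must be left alone are fixed by string comparison against "/dev" and "/dev/pids", so any path GetCgroupPath yields outside that tree would have every parent directory up to the root re-grouped; a prefix check on the expected cgroup root, or at least a comment stating the assumed layout, would make that contract explicit. chown() follows symlinks, so if any component of the walked path could be influenced by a less privileged party, fchownat() with AT_SYMLINK_NOFOLLOW is the safer call. `len` stores a pointer difference in an `int`; `ptrdiff_t` is the matching type.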
@@ -204,6 +230,8 @@ static int ProcessMgrAddApp(const AppSpawnMgr *content, const AppSpawnedProcessI
 int ret = GetCgroupPath(appInfo, path, sizeof(path));
 APPSPAWN_CHECK(ret == 0, return -1, "Failed to get real path errno: %{public}d", errno);
 (void)CreateSandboxDir(path, 0750); // 0750 default mode
+ ret = ChangeCgroupPathGid(path);
+ APPSPAWN_CHECK_ONLY_LOG(ret == 0, "Failed to change cgroup path gid errno: %{public}d", errno);
 uint32_t pathLen = strlen(path);
 ret = strcat_s(path, sizeof(path), "cgroup.procs");
 APPSPAWN_CHECK(ret == 0, return ret, "Failed to strcat_s errno: %{public}d", errno);
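Review bot: The `APPSPAWN_CHECK_ONLY_LOG` added after the `ChangeCgroupPathGid` call prints `errno`, but a memcpy_s failure inside that function returns non-zero without touching errno, so the logged value can be stale and unrelated to the failure; the callee already logs each failure with its own message, so this line is better off reporting the return code instead, `APPSPAWN_CHECK_ONLY_LOG(ret == 0, "Failed to change cgroup path gid ret: %{public}d", ret);`. Note also that the result of `CreateSandboxDir` on the line above is still discarded, so when the directory was not created the gid change fails for that reason and the log message points at the wrong step. ProcessMgrAddApp starts outside the hunk.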