diff --git a/pkg/securitycontext/provider.go b/pkg/securitycontext/provider.go
index f37aa4e017955..e31914960f994 100644
--- a/pkg/securitycontext/provider.go
+++ b/pkg/securitycontext/provider.go
@@ -159,6 +159,11 @@ func DetermineEffectiveSecurityContext(pod *api.Pod, container *api.Container) *
 		*effectiveSc.RunAsNonRoot = *containerSc.RunAsNonRoot
 	}
 
+	if containerSc.ReadOnlyRootFilesystem != nil {
+		effectiveSc.ReadOnlyRootFilesystem = new(bool)
+		*effectiveSc.ReadOnlyRootFilesystem = *containerSc.ReadOnlyRootFilesystem
+	}
+
 	return effectiveSc
 }