diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
index 582029288c6..35eabbe31c7 100644
--- a/libcontainer/rootfs_linux.go
+++ b/libcontainer/rootfs_linux.go
@@ -1071,16 +1071,16 @@ func remount(m *configs.Mount, rootfs string, mountFd *int) error {
 if err == nil {
 return nil
 }
- // Check if the source has ro flag...
+ // Check if the source has ro, nodev, noexec, nosuid flag...
 var s unix.Statfs_t
 if err := unix.Statfs(source, &s); err != nil {
 return &os.PathError{Op: "statfs", Path: source, Err: err}
 }
- if s.Flags&unix.MS_RDONLY != unix.MS_RDONLY {
+ if s.Flags&(unix.MS_RDONLY|unix.MS_NODEV|unix.MS_NOEXEC|unix.MS_NOSUID) == 0 {
 return err
 }
- // ... and retry the mount with ro flag set.
- flags |= unix.MS_RDONLY
+ // ... and retry the mount with flags found above.
+ flags |= uintptr(s.Flags & (unix.MS_RDONLY | unix.MS_NODEV | unix.MS_NOEXEC | unix.MS_NOSUID))
 return mount(source, m.Destination, procfd, m.Device, flags, "")
 })
 }
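Review bot: The flag mask is written out twice, and it is applied to `s.Flags`, which holds statfs `ST_*` bits, using `MS_*` constants. That is correct for these four only because `ST_RDONLY`, `ST_NOSUID`, `ST_NODEV` and `ST_NOEXEC` have the same values as their `MS_*` counterparts; the equivalence does not hold for every flag (`ST_RELATIME` and `MS_RELATIME` differ), so a later extension of the mask to the atime flags would silently mis-translate them. I would hoist it into one local, `const inherited = unix.MS_RDONLY | unix.MS_NODEV | unix.MS_NOEXEC | unix.MS_NOSUID`, with the comment `// statfs ST_* values equal MS_* for these four flags only`, and use it in both the test and the `flags |=` line. The retry also still runs after any mount error rather than only a permission error, and the flags it adds silently make the mount stricter than the configuration asked for. The part of `remount` that produces `err` is above the hunk, so whether that is intended cannot be confirmed from here.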