diff --git a/tests/container_hardening/test_container_hardening.py b/tests/container_hardening/test_container_hardening.py
new file mode 100644
index 00000000000..6150f77f72f
--- /dev/null
+++ b/tests/container_hardening/test_container_hardening.py
@@ -0,0 +1,27 @@
+import pytest
+import logging
+from tests.common.helpers.assertions import pytest_assert
+
+pytestmark = [
+    pytest.mark.topology('any'),
+]
+
+logger = logging.getLogger(__name__)
+
+NO_PRIVILEGED_CONTAINERS = [
+    'bgp',
+]
+
+
+def test_container_privileged(duthost):
+    """
+    Test container without --privileged flag has no access to /dev/vda* or /dev/sda*
+    """
+    for container_name in NO_PRIVILEGED_CONTAINERS:
+        docker_exec_cmd = 'docker exec {} bash -c '.format(container_name)
+        cmd = duthost.shell(docker_exec_cmd + "'df -h | grep /etc/hosts' | awk '{print $1}'")
+        rc, device = cmd['rc'], cmd['stdout']
+        pytest_assert(rc == 0, 'Failed to get the device name.')
+        pytest_assert(device.startswith('/dev/'), 'Invalid device {}.'.format(device))
+        output = duthost.shell(docker_exec_cmd + "'ls {}'".format(device), module_ignore_errors=True)['stdout']
+        pytest_assert(not output, 'The partition {} exists.'.format(device))
diff --git a/tests/python3_test_files.txt b/tests/python3_test_files.txt
index c718226f9ac..04c7a3e8c57 100644
--- a/tests/python3_test_files.txt
+++ b/tests/python3_test_files.txt
@@ -37,6 +37,7 @@ console/test_console_loopback.py
 console/test_console_reversessh.py
 console/test_console_udevrule.py
 container_checker/test_container_checker.py
+container_hardening/test_container_hardening.py
 copp/test_copp.py
 crm/test_crm.py
 dash/test_dash_vnet.py
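Review bot: The last assertion in test_container_privileged only checks that `ls` wrote nothing to stdout, which is also true when the command fails for an unrelated reason, and because `module_ignore_errors=True` is set a `docker exec` that cannot reach the container would pass the check vacuously; assert on the return code as well, e.g. `res = duthost.shell(docker_exec_cmd + "'ls {}'".format(device), module_ignore_errors=True)` followed by `pytest_assert(res['rc'] != 0 and not res['stdout'], 'The partition {} is visible in container {}.'.format(device, container_name))`. The absence of the device node in the container's /dev is also a weaker property than what the test name and docstring claim, since lacking a node is not the same as lacking the privilege to reach the block device; a direct check such as `docker inspect --format '{{.HostConfig.Privileged}}' <container>` returning `false` would make the test prove what it says. The first assertion message could include the container name, `'Failed to get the device name for container {}.'.format(container_name)`, so a failure in a longer NO_PRIVILEGED_CONTAINERS list is attributable. `logger` is created but never used in this file.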