diff --git a/cmd/runtimetest/main.go b/cmd/runtimetest/main.go
index 4bda045c2..58ee5c585 100644
--- a/cmd/runtimetest/main.go
+++ b/cmd/runtimetest/main.go
@@ -191,6 +191,20 @@ func validateSysctls(spec *rspec.Spec) error {
 return nil
 }
 
+func validateRootFS(spec *rspec.Spec) error {
+ fmt.Println("validating root")
+ if spec.Root.Readonly {
+ fi, err := os.Stat("/")
+ if err != nil {
+ return err
+ }
+ if fi.Mode()&0222 != 0 {
+ return fmt.Errorf("Rootfs should be readonly")
+ }
+ }
+ return nil
+}
+
 func main() {
 spec, err := loadSpecConfig()
 if err != nil {
@@ -198,6 +212,7 @@ func main() {
 }
 
 validations := []validation{
+ validateRootFS,
 validateProcess,
 validateCapabilities,
 validateHostname,
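Review bot: The read-only test in validateRootFS looks at the permission bits of the `/` directory (`fi.Mode()&0222`), which do not show whether the root filesystem is mounted read-only. A read-only mount normally still reports a mode such as 0755 on `/`, so this check would likely fail on a correctly configured container, while a writable mount whose root directory happens to be 0555 would pass. Checking the mount flags through statfs (or the `ro` option in /proc/self/mountinfo) would test what `root.readonly` actually promises. The sketch below uses `syscall.Statfs`, which needs the `syscall` import in this file, and lowercases the error string per Go convention.

```go
func validateRootFS(spec *rspec.Spec) error {
	// … unchanged: progress message …
	if spec.Root.Readonly {
		// Mode bits on "/" are independent of the mount; ask the kernel for the mount flags.
		var st syscall.Statfs_t
		if err := syscall.Statfs("/", &st); err != nil {
			return err
		}
		// On Linux the statfs ST_RDONLY flag has the same value as MS_RDONLY.
		if st.Flags&syscall.MS_RDONLY == 0 {
			return fmt.Errorf("rootfs should be readonly")
		}
	}
	return nil
}
```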