diff --git a/spec.go b/spec.go
index fd3475fa..b198b58b 100644
--- a/spec.go
+++ b/spec.go
@@ -94,7 +94,7 @@ var specCommand = cli.Command{
 						Destination: "/sys",
 						Type:        "sysfs",
 						Source:      "sysfs",
-						Options:     []string{"nosuid", "noexec", "nodev"},
+						Options:     []string{"nosuid", "noexec", "nodev", "ro"},
 					},
 					{
 						Destination: "/sys/fs/cgroup",
@@ -575,14 +575,6 @@ func createDevices(spec *specs.LinuxSpec, config *configs.Config) error {
 	return nil
 }
 
-func setReadonly(config *configs.Config) {
-	for _, m := range config.Mounts {
-		if m.Device == "sysfs" {
-			m.Flags |= syscall.MS_RDONLY
-		}
-	}
-}
-
 func setupUserNamespace(spec *specs.LinuxSpec, config *configs.Config) error {
 	if len(spec.Linux.UIDMappings) == 0 {
 		return nil