diff --git a/container/container_test.go b/container/container_test.go
index d737a18..98713cb 100644
--- a/container/container_test.go
+++ b/container/container_test.go
@@ -275,12 +275,12 @@ var containerTestCases = []struct {
 ),
 earlyMnt(
 ent("/", "/dev", "ro,nosuid,nodev,relatime", "tmpfs", "devtmpfs", ignore),
- ent("/null", "/dev/null", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
- ent("/zero", "/dev/zero", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
- ent("/full", "/dev/full", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
- ent("/random", "/dev/random", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
- ent("/urandom", "/dev/urandom", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
- ent("/tty", "/dev/tty", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
+ ent("/null", "/dev/null", ignore, "devtmpfs", "devtmpfs", ignore),
+ ent("/zero", "/dev/zero", ignore, "devtmpfs", "devtmpfs", ignore),
+ ent("/full", "/dev/full", ignore, "devtmpfs", "devtmpfs", ignore),
+ ent("/random", "/dev/random", ignore, "devtmpfs", "devtmpfs", ignore),
+ ent("/urandom", "/dev/urandom", ignore, "devtmpfs", "devtmpfs", ignore),
+ ent("/tty", "/dev/tty", ignore, "devtmpfs", "devtmpfs", ignore),
 ent("/", "/dev/pts", "rw,nosuid,noexec,relatime", "devpts", "devpts", "rw,mode=620,ptmxmode=666"),
 ent("/", "/dev/mqueue", "rw,nosuid,nodev,noexec,relatime", "mqueue", "mqueue", "rw"),
 ent("/", "/dev/shm", "rw,nosuid,nodev,relatime", "tmpfs", "tmpfs", ignore),
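Review bot: Replacing the expected VFS options with `ignore` on the six device-node entries (`/dev/null` through `/dev/tty`) also removes the only assertion that these mounts carry `nosuid`, so a regression that mounts them without it would now pass unnoticed. If the reason is that some flag differs between hosts (the commit does not say which), it would be tighter to strip that flag from `VfsOptstr` in `init()`, the way `,relatime` and `,noatime` are already trimmed there, and keep `"rw,nosuid"` as the expectation. If the field really must be ignored, a comment above the entries such as `// VfsOptstr of the device nodes varies by host; nosuid is not asserted here` would record the trade-off. The same applies to the identical entries in the second hunk (`@@ -293,12 +293,12 @@`).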
@@ -293,12 +293,12 @@ var containerTestCases = []struct {
 ),
 earlyMnt(
 ent("/", "/dev", "ro,nosuid,nodev,relatime", "tmpfs", "devtmpfs", ignore),
- ent("/null", "/dev/null", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
- ent("/zero", "/dev/zero", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
- ent("/full", "/dev/full", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
- ent("/random", "/dev/random", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
- ent("/urandom", "/dev/urandom", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
- ent("/tty", "/dev/tty", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
+ ent("/null", "/dev/null", ignore, "devtmpfs", "devtmpfs", ignore),
+ ent("/zero", "/dev/zero", ignore, "devtmpfs", "devtmpfs", ignore),
+ ent("/full", "/dev/full", ignore, "devtmpfs", "devtmpfs", ignore),
+ ent("/random", "/dev/random", ignore, "devtmpfs", "devtmpfs", ignore),
+ ent("/urandom", "/dev/urandom", ignore, "devtmpfs", "devtmpfs", ignore),
+ ent("/tty", "/dev/tty", ignore, "devtmpfs", "devtmpfs", ignore),
 ent("/", "/dev/pts", "rw,nosuid,noexec,relatime", "devpts", "devpts", "rw,mode=620,ptmxmode=666"),
 ent("/", "/dev/shm", "rw,nosuid,nodev,relatime", "tmpfs", "tmpfs", ignore),
 ),
@@ -696,6 +696,9 @@ func init() {
 mnt[i].VfsOptstr = strings.TrimSuffix(mnt[i].VfsOptstr, ",relatime")
 mnt[i].VfsOptstr = strings.TrimSuffix(mnt[i].VfsOptstr, ",noatime")
 
+ cur.FsOptstr = strings.Replace(cur.FsOptstr, ",seclabel", "", 1)
+ mnt[i].FsOptstr = strings.Replace(mnt[i].FsOptstr, ",seclabel", "", 1)
+
 if !cur.EqualWithIgnore(mnt[i], "\x00") {
 fail = true
 log.Printf("[FAIL] %s", cur)
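Review bot: The `,seclabel` removal in the `init()` hunk has no comment, and the reason is not obvious from the code. A line such as `// SELinux-enabled hosts report seclabel in the superblock options; strip it so expectations stay host-independent` above the two `strings.Replace` calls would help. The pattern matches only when `seclabel` follows another option, so an option string that begins with `seclabel` would be left untouched; that is probably fine for the `rw,...` strings in this table, but worth stating. It is also a substring match rather than a whole comma-separated option. `init()` starts and ends outside the hunk, so whether `cur` is a copy or a reference into the expected table cannot be checked from here.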