diff --git a/pkg/kubelet/dockershim/libdocker/kube_docker_client.go b/pkg/kubelet/dockershim/libdocker/kube_docker_client.go
index 02ef40bc797..13a1eab5559 100644
--- a/pkg/kubelet/dockershim/libdocker/kube_docker_client.go
+++ b/pkg/kubelet/dockershim/libdocker/kube_docker_client.go
@@ -205,7 +205,7 @@ func (d *kubeDockerClient) inspectImageRaw(ref string) (*dockertypes.ImageInspec
 		return nil, ctxErr
 	}
 	if err != nil {
-		if dockerapi.IsErrImageNotFound(err) {
+		if dockerapi.IsErrNotFound(err) {
 			err = ImageNotFoundError{ID: ref}
 		}
 		return nil, err
@@ -469,7 +469,7 @@ func (d *kubeDockerClient) StartExec(startExec string, opts dockertypes.ExecStar
 		}
 		return err
 	}
-	resp, err := d.client.ContainerExecAttach(ctx, startExec, dockertypes.ExecConfig{
+	resp, err := d.client.ContainerExecAttach(ctx, startExec, dockertypes.ExecStartCheck{
 		Detach: opts.Detach,
 		Tty:    opts.Tty,
 	})
diff --git a/pkg/kubelet/dockershim/security_context.go b/pkg/kubelet/dockershim/security_context.go
index 343c3876480..e2724357136 100644
--- a/pkg/kubelet/dockershim/security_context.go
+++ b/pkg/kubelet/dockershim/security_context.go
@@ -137,6 +137,9 @@ func modifyHostConfig(sc *runtimeapi.LinuxContainerSecurityContext, hostConfig *
 		hostConfig.SecurityOpt = append(hostConfig.SecurityOpt, "no-new-privileges")
 	}
 
+	hostConfig.MaskedPaths = sc.MaskedPaths
+	hostConfig.ReadonlyPaths = sc.ReadonlyPaths
+
 	return nil
 }