diff --git a/pkg/securitycontext/util.go b/pkg/securitycontext/util.go
index 82a2fc5e0a9..3332d92cfdb 100644
--- a/pkg/securitycontext/util.go
+++ b/pkg/securitycontext/util.go
@@ -212,9 +212,10 @@ func AddNoNewPrivileges(sc *v1.SecurityContext) bool {
 
 var (
 // These *must* be kept in sync with moby/moby.
- // https://github.com/moby/moby/blob/master/oci/defaults.go#L116-L134
+ // https://github.com/moby/moby/blob/master/oci/defaults.go#L105-L123
 // @jessfraz will watch changes to those files upstream.
 defaultMaskedPaths = []string{
+ "/proc/asound",
 "/proc/acpi",
 "/proc/kcore",
 "/proc/keys",
@@ -226,7 +227,6 @@ var (
 "/sys/firmware",
 }
 defaultReadonlyPaths = []string{
- "/proc/asound",
 "/proc/bus",
 "/proc/fs",
 "/proc/irq",
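Review bot: The upstream reference above `defaultMaskedPaths` still points at `blob/master` with a line range, which is the same kind of link that drifted and had to be corrected in this hunk. Pinning it to a commit permalink would keep the sync target unambiguous, e.g. `// https://github.com/moby/moby/blob/<commit-sha>/oci/defaults.go#L105-L123` (placeholder SHA). Moving `/proc/asound` from the read-only list to the masked list changes it from readable-but-immutable to hidden inside the container, so a short why-comment on the new entry would help the next person syncing the lists, e.g. `// masked rather than read-only: contents must not be readable from the container`. The `var (` block continues past the end of both hunks, so it is not visible here whether any test checks that no path appears in both lists.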