diff --git a/test/e2e/framework/pods.go b/test/e2e/framework/pods.go
index fb0d1fcbd45..90ad5489f50 100644
--- a/test/e2e/framework/pods.go
+++ b/test/e2e/framework/pods.go
@@ -202,6 +202,23 @@ func (c *PodClient) WaitForSuccess(name string, timeout time.Duration) {
 	)).To(Succeed(), "wait for pod %q to success", name)
 }
 
+// WaitForFailure waits for pod to fail.
+func (c *PodClient) WaitForFailure(name string, timeout time.Duration) {
+	f := c.f
+	Expect(WaitForPodCondition(f.ClientSet, f.Namespace.Name, name, "success or failure", timeout,
+		func(pod *v1.Pod) (bool, error) {
+			switch pod.Status.Phase {
+			case v1.PodFailed:
+				return true, nil
+			case v1.PodSucceeded:
+				return true, fmt.Errorf("pod %q successed with reason: %q, message: %q", name, pod.Status.Reason, pod.Status.Message)
+			default:
+				return false, nil
+			}
+		},
+	)).To(Succeed(), "wait for pod %q to fail", name)
+}
+
 // WaitForSuccess waits for pod to succeed or an error event for that pod.
 func (c *PodClient) WaitForErrorEventOrSuccess(pod *v1.Pod) (*v1.Event, error) {
 	var ev *v1.Event
diff --git a/test/e2e_node/security_context_test.go b/test/e2e_node/security_context_test.go
index 8ca5551fc66..55eba77e026 100644
--- a/test/e2e_node/security_context_test.go
+++ b/test/e2e_node/security_context_test.go
@@ -340,39 +340,25 @@ var _ = framework.KubeDescribe("Security Context", func() {
 			podName := fmt.Sprintf("busybox-readonly-%v-%s", readOnlyRootFilesystem, uuid.NewUUID())
 			podClient.Create(makeUserPod(podName,
 				"gcr.io/google_containers/busybox:1.24",
-				[]string{"sh", "-c", "touch checkfile && [ -f checkfile ] && echo Found || true"},
+				[]string{"sh", "-c", "touch checkfile"},
 				readOnlyRootFilesystem,
 			))
 
-			podClient.WaitForSuccess(podName, framework.PodStartTimeout)
+			if readOnlyRootFilesystem {
+				podClient.WaitForFailure(podName, framework.PodStartTimeout)
+			} else {
+				podClient.WaitForSuccess(podName, framework.PodStartTimeout)
+			}
 
 			return podName
 		}
 
 		It("should run the container with readonly rootfs when readOnlyRootFilesystem=true", func() {
-			podName := createAndWaitUserPod(true)
-			logs, err := framework.GetPodLogs(f.ClientSet, f.Namespace.Name, podName, podName)
-			if err != nil {
-				framework.Failf("GetPodLogs for pod %q failed: %v", podName, err)
-			}
-
-			framework.Logf("Got logs for pod %q: %q", podName, logs)
-			if strings.Contains(logs, "Found") {
-				framework.Failf("readonly-rootfs container shouldn't be able to write files")
-			}
+			createAndWaitUserPod(true)
 		})
 
 		It("should run the container with writable rootfs when readOnlyRootFilesystem=false", func() {
-			podName := createAndWaitUserPod(false)
-			logs, err := framework.GetPodLogs(f.ClientSet, f.Namespace.Name, podName, podName)
-			if err != nil {
-				framework.Failf("GetPodLogs for pod %q failed: %v", podName, err)
-			}
-
-			framework.Logf("Got logs for pod %q: %q", podName, logs)
-			if !strings.Contains(logs, "Found") {
-				framework.Failf("non-readonly-rootfs container should be able to write files")
-			}
+			createAndWaitUserPod(false)
 		})
 	})
 })