diff --git a/server/container_create.go b/server/container_create.go
index d716fc98..3ecd8953 100644
--- a/server/container_create.go
+++ b/server/container_create.go
@@ -737,6 +737,7 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
 }
 specgen.SetProcessSelinuxLabel(processLabel)
 specgen.SetLinuxMountLabel(mountLabel)
+ specgen.SetProcessNoNewPrivileges(linux.GetSecurityContext().GetNoNewPrivs())
 if containerConfig.GetLinux().GetSecurityContext() != nil && !containerConfig.GetLinux().GetSecurityContext().Privileged {
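Review bot: The added `SetProcessNoNewPrivileges` call sits outside the `GetSecurityContext() != nil` guard on the next line, so a request with no Linux security context silently gets no_new_privs=false. This assumes `GetSecurityContext()` and `GetNoNewPrivs()` are the generated nil-safe getters, which the hunk does not show. Because that default is fail-open for a hardening flag, it deserves a comment above the call, for example `// NoNewPrivs is taken as-is from the CRI request; a nil SecurityContext yields false, i.e. the flag is not set.` The line also reads `linux`, declared outside this hunk, while the guard below re-derives `containerConfig.GetLinux()`; using one form for both would make it clear they refer to the same message. The body of createSandboxContainer continues beyond the hunk, so any test covering the set and unset cases is not visible here.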