diff --git a/KubeArmor/BPF/shared.h b/KubeArmor/BPF/shared.h index a5960be711..7a92c6d3ac 100644 --- a/KubeArmor/BPF/shared.h +++ b/KubeArmor/BPF/shared.h @@ -174,7 +174,8 @@ static __always_inline bool prepend_path(struct path *path, bufs_t *string_p) { m = BPF_CORE_READ(mnt, mnt_parent); if (mnt != m) { dentry = BPF_CORE_READ(mnt, mnt_mountpoint); - mnt = m; + mnt = BPF_CORE_READ(mnt, mnt_parent); + vfsmnt = &mnt->mnt; continue; } break; diff --git a/KubeArmor/BPF/system_monitor.c b/KubeArmor/BPF/system_monitor.c index 9991f71bb2..b1b15619db 100644 --- a/KubeArmor/BPF/system_monitor.c +++ b/KubeArmor/BPF/system_monitor.c @@ -674,7 +674,8 @@ static __always_inline bool prepend_path(struct path *path, bufs_t *string_p, in if (mnt != m) { bpf_probe_read(&dentry, sizeof(struct dentry *), &mnt->mnt_mountpoint); - mnt = m; + bpf_probe_read(&mnt, sizeof(struct mount *), &mnt->mnt_parent); + vfsmnt = &mnt->mnt; continue; } diff --git a/KubeArmor/enforcer/bpflsm/enforcer_bpfeb.o b/KubeArmor/enforcer/bpflsm/enforcer_bpfeb.o index bda97d14d7..6ed17e11bf 100644 Binary files a/KubeArmor/enforcer/bpflsm/enforcer_bpfeb.o and b/KubeArmor/enforcer/bpflsm/enforcer_bpfeb.o differ diff --git a/KubeArmor/enforcer/bpflsm/enforcer_bpfel.o b/KubeArmor/enforcer/bpflsm/enforcer_bpfel.o index 3af676469b..4da1dbe758 100644 Binary files a/KubeArmor/enforcer/bpflsm/enforcer_bpfel.o and b/KubeArmor/enforcer/bpflsm/enforcer_bpfel.o differ diff --git a/KubeArmor/enforcer/bpflsm/enforcer_path_bpfeb.o b/KubeArmor/enforcer/bpflsm/enforcer_path_bpfeb.o index cf059b95b6..cf1f1fa115 100644 Binary files a/KubeArmor/enforcer/bpflsm/enforcer_path_bpfeb.o and b/KubeArmor/enforcer/bpflsm/enforcer_path_bpfeb.o differ diff --git a/KubeArmor/enforcer/bpflsm/enforcer_path_bpfel.o b/KubeArmor/enforcer/bpflsm/enforcer_path_bpfel.o index 251d04e7b2..7376c6b49b 100644 Binary files a/KubeArmor/enforcer/bpflsm/enforcer_path_bpfel.o and b/KubeArmor/enforcer/bpflsm/enforcer_path_bpfel.o differ 
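Review bot: The added `mnt = BPF_CORE_READ(mnt, mnt_parent);` re-reads a field that the context line just above already read into `m` (`m = BPF_CORE_READ(mnt, mnt_parent);`), and the branch is only taken when `mnt != m`, so keeping the removed `mnt = m;` and adding only `vfsmnt = &mnt->mnt;` gives the same state with one fewer kernel-memory read inside a loop the verifier has to bound. The line that actually matters is `vfsmnt = &mnt->mnt;`: without it the root-dentry comparison against `mnt_root` keeps using the previous mount after stepping to its parent, so paths on nested mounts (the `/dev/shm/` case the new smoke test exercises) resolve wrongly, and for an LSM enforcer a wrong path is a silent policy bypass rather than an error, which is worth a comment such as `// step to the parent mount AND its vfsmount so the mnt_root check applies to the parent`. Note that `&mnt->mnt` is plain pointer arithmetic on `struct mount`, a type the kernel does not export; if this file carries a local copy of the struct rather than a CO-RE-relocatable definition, the offset of `.mnt` is fixed at build time and should be confirmed stable across the kernels KubeArmor supports. The enclosing loop and `prepend_path` itself begin and end outside the hunk.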
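Review bot: The added `bpf_probe_read(&mnt, sizeof(struct mount *), &mnt->mnt_parent);` discards the helper's return value; on a failed read the helper zero-fills its destination, so `mnt` would become NULL and the next line computes `vfsmnt = &mnt->mnt` from a null base before `continue` re-enters the loop with garbage state. The parent pointer has already been read into `m` before the visible `if (mnt != m) {` (that read is outside the hunk), so the simplest fix is to keep `mnt = m;` and add only `vfsmnt = &mnt->mnt;`, and if the re-read is kept it should be checked: `if (bpf_probe_read(&mnt, sizeof(struct mount *), &mnt->mnt_parent) < 0) break;`. Since `vfsmnt` is what the root-dentry check reads `mnt_root` through, a stale or bogus value does not crash the probe, it produces a wrong path and therefore a missed policy match, so this loop deserves stricter error handling than ordinary telemetry code. `prepend_path` starts and ends outside the hunk.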
diff --git a/KubeArmor/utils/bpflsmprobe/probe_bpfeb.o b/KubeArmor/utils/bpflsmprobe/probe_bpfeb.o index 0775008831..48e797fd5e 100644 Binary files a/KubeArmor/utils/bpflsmprobe/probe_bpfeb.o and b/KubeArmor/utils/bpflsmprobe/probe_bpfeb.o differ diff --git a/KubeArmor/utils/bpflsmprobe/probe_bpfel.o b/KubeArmor/utils/bpflsmprobe/probe_bpfel.o index 4446f3ada9..d5d022eccd 100644 Binary files a/KubeArmor/utils/bpflsmprobe/probe_bpfel.o and b/KubeArmor/utils/bpflsmprobe/probe_bpfel.o differ diff --git a/tests/k8s_env/block/res/ksp-wordpress-allow-file.yaml b/tests/k8s_env/block/res/ksp-wordpress-allow-file.yaml index afc2ef0394..107d362a89 100644 --- a/tests/k8s_env/block/res/ksp-wordpress-allow-file.yaml +++ b/tests/k8s_env/block/res/ksp-wordpress-allow-file.yaml @@ -19,6 +19,8 @@ spec: - dir: /bin/ - dir: /pts/ recursive: true + - dir: /dev/ + recursive: true matchPaths: - path: /root/.bashrc - path: /root/.bash_history diff --git a/tests/k8s_env/configmap/manifests/ksp-unannotated-allow.yaml b/tests/k8s_env/configmap/manifests/ksp-unannotated-allow.yaml index 91259172c6..e44a82dd72 100644 --- a/tests/k8s_env/configmap/manifests/ksp-unannotated-allow.yaml +++ b/tests/k8s_env/configmap/manifests/ksp-unannotated-allow.yaml @@ -23,6 +23,8 @@ spec: - dir: /usr/bin/ - dir: /proc/ recursive: true + - dir: /dev/ + recursive: true matchPaths: - path: /dev/tty - path: /lib/terminfo/x/xterm diff --git a/tests/k8s_env/ksp/multiubuntu/ksp-group-2-allow-file-path-from-source-path.yaml b/tests/k8s_env/ksp/multiubuntu/ksp-group-2-allow-file-path-from-source-path.yaml index 322029377e..4e70b9e368 100644 --- a/tests/k8s_env/ksp/multiubuntu/ksp-group-2-allow-file-path-from-source-path.yaml +++ b/tests/k8s_env/ksp/multiubuntu/ksp-group-2-allow-file-path-from-source-path.yaml @@ -25,6 +25,8 @@ spec: recursive: true - dir: /proc/ recursive: true + - dir: /dev/ + recursive: true - dir: /lib/x86_64-linux-gnu/ - dir: /bin/ action: 
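Review bot: In ksp-unannotated-allow.yaml the new `- dir: /dev/` with `recursive: true` subsumes the existing `- path: /dev/tty` entry visible in `matchPaths` just below, which becomes dead configuration; either drop the path entry or keep it deliberately with a comment. The same `/dev/` recursive allow is added to three Allow policies here with no explanation, and since it also covers every device node and any mount under `/dev`, a reader of the test fixture cannot tell whether it is part of the scenario or a side effect of the BPF path-resolution change in this commit; a one-line comment on the new entry such as `# /dev is a separate mount in the pod; needed now that paths are resolved across mount boundaries` would make the intent clear (presumably that is the reason, worth confirming). The policies' `spec:` blocks start outside the hunks.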
diff --git a/tests/k8s_env/ksp/multiubuntu/ksp-ubuntu-3-allow-proc-dir.yaml b/tests/k8s_env/ksp/multiubuntu/ksp-ubuntu-3-allow-proc-dir.yaml index da950e1ead..fd84eaa04b 100644 --- a/tests/k8s_env/ksp/multiubuntu/ksp-ubuntu-3-allow-proc-dir.yaml +++ b/tests/k8s_env/ksp/multiubuntu/ksp-ubuntu-3-allow-proc-dir.yaml @@ -26,6 +26,8 @@ spec: recursive: true - dir: /proc/ recursive: true + - dir: /dev/ + recursive: true - dir: /lib/x86_64-linux-gnu/ - dir: /bin/ # - dir: /etc/ # required to change root to user1 (coarse-grained way) diff --git a/tests/k8s_env/ksp/multiubuntu/ksp-ubuntu-3-allow-proc-path-owner.yaml b/tests/k8s_env/ksp/multiubuntu/ksp-ubuntu-3-allow-proc-path-owner.yaml index 67cc6d0f21..f583110463 100644 --- a/tests/k8s_env/ksp/multiubuntu/ksp-ubuntu-3-allow-proc-path-owner.yaml +++ b/tests/k8s_env/ksp/multiubuntu/ksp-ubuntu-3-allow-proc-path-owner.yaml @@ -39,6 +39,8 @@ spec: recursive: true - dir: /bin/ recursive: true + - dir: /dev/ + recursive: true action: Allow diff --git a/tests/k8s_env/smoke/res/ksp-wordpress-block-mount-file.yaml b/tests/k8s_env/smoke/res/ksp-wordpress-block-mount-file.yaml new file mode 100644 index 0000000000..884c0e4329 --- /dev/null +++ b/tests/k8s_env/smoke/res/ksp-wordpress-block-mount-file.yaml @@ -0,0 +1,17 @@ +apiVersion: security.kubearmor.com/v1 +kind: KubeArmorPolicy +metadata: + name: ksp-wordpress-block-mount-file + namespace: wordpress-mysql +spec: + severity: 5 + selector: + matchLabels: + app: wordpress + file: + matchDirectories: + - dir: /dev/shm/ + readOnly: true + recursive: true + action: + Block \ No newline at end of file diff --git a/tests/k8s_env/smoke/smoke_test.go b/tests/k8s_env/smoke/smoke_test.go index 31e2500ae0..e99a139414 100644 --- a/tests/k8s_env/smoke/smoke_test.go +++ b/tests/k8s_env/smoke/smoke_test.go 
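Review bot: The new manifest ksp-wordpress-block-mount-file.yaml is committed without a trailing newline (`\ No newline at end of file` after `Block`), which every future edit will re-diff and some YAML tooling warns on; add the final newline. The policy combines `readOnly: true`, `recursive: true` and `action: Block` on `/dev/shm/` without saying what it is meant to prove, and since the point of this commit appears to be resolving paths on a nested mount, the manifest should say so, e.g. `# /dev/shm is a separate (tmpfs) mount in the pod; this policy checks that writes under it are still resolved and blocked` placed above `matchDirectories`. `severity: 5` is what the accompanying smoke test asserts as the string `"5"`, so keep the two in sync if either changes.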
@@ -268,6 +268,31 @@ var _ = Describe("Smoke", func() { fmt.Printf("OUTPUT: %s\n", sout) Expect(sout).To(MatchRegexp("/etc/shadow.*Permission denied")) }) + + It("can block write access and only allow read access to mounted files", func() { + // Apply policy + err := K8sApplyFile("res/ksp-wordpress-block-mount-file.yaml") + Expect(err).To(BeNil()) + + // Start Kubearmor Logs + err = KarmorLogStart("policy", "wordpress-mysql", "File", wp) + Expect(err).To(BeNil()) + + // wait for policy creation + time.Sleep(5 * time.Second) + + sout, _, err := K8sExecInPod(wp, "wordpress-mysql", + []string{"bash", "-c", "touch /dev/shm/new"}) + Expect(err).To(BeNil()) + fmt.Printf("OUTPUT: %s\n", sout) + Expect(sout).To(ContainSubstring("Permission denied")) + + // check policy violation alert + _, alerts, err := KarmorGetLogs(5*time.Second, 1) + Expect(err).To(BeNil()) + Expect(alerts[0].PolicyName).To(Equal("ksp-wordpress-block-mount-file")) + Expect(alerts[0].Severity).To(Equal("5")) + }) }) })
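Review bot: `alerts[0].PolicyName` and `alerts[0].Severity` are indexed without checking that `KarmorGetLogs` returned anything, so an empty slice with a nil error turns a policy miss into an index-out-of-range panic instead of a readable assertion failure; add `Expect(len(alerts)).To(BeNumerically(">", 0))` before the two `alerts[0]` lines. The test title promises it "only allow[s] read access to mounted files", but the only exec is `touch /dev/shm/new`, so a policy that blocks all access to `/dev/shm/` would pass too; a second exec such as `sout, _, err = K8sExecInPod(wp, "wordpress-mysql", []string{"bash", "-c", "ls /dev/shm"})` followed by `Expect(sout).ToNot(ContainSubstring("Permission denied"))` is needed to actually cover the `readOnly` half. The `touch` error text is written to stderr by the shell, so the `Expect(sout)` check relies on `K8sExecInPod` merging streams as the existing `/etc/shadow` case above does; that appears to be the file's convention but is worth confirming rather than assuming. The enclosing `Describe` block starts outside the hunk.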