diff --git a/components/engine/daemon/execdriver/native/template/default_template.go b/components/engine/daemon/execdriver/native/template/default_template.go
index e14be6aee5..ecedcfc8cb 100644
--- a/components/engine/daemon/execdriver/native/template/default_template.go
+++ b/components/engine/daemon/execdriver/native/template/default_template.go
@@ -82,16 +82,16 @@ func New() *configs.Config {
 },
 MaskPaths: []string{
 "/proc/kcore",
+ "/proc/latency_stats",
+ "/proc/timer_stats",
 },
 ReadonlyPaths: []string{
 "/proc/asound",
 "/proc/bus",
 "/proc/fs",
 "/proc/irq",
- "/proc/latency_stats",
 "/proc/sys",
 "/proc/sysrq-trigger",
- "/proc/timer_stats",
 },
 }

diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go
index d94ebe7851..3b6c2e77e7 100644
--- a/components/engine/integration-cli/docker_cli_run_test.go
+++ b/components/engine/integration-cli/docker_cli_run_test.go
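Review bot: The two entries added to `MaskPaths` have no comment saying why they are masked rather than left read-only, so a maintainer cannot tell which list a future /proc entry belongs in. As far as I can tell both files report host-wide kernel statistics that are not scoped to the container, which is why blocking writes alone was not enough; a comment above them such as `// host-wide statistics, not namespaced: hide the contents, not just writes` would record that. It would also be worth confirming that the paths left in `ReadonlyPaths` are there because reading them from a container is acceptable, not just because nobody has checked them. The body of `New()` starts and ends outside this hunk.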
@@ -3078,20 +3078,32 @@ func TestRunWriteToProcAsound(t *testing.T) {
 logDone("run - ro write to /proc/asound")
 }

-func TestRunWriteToProcTimer(t *testing.T) {
+func TestRunReadProcTimer(t *testing.T) {
 defer deleteAllContainers()
- code, err := runCommand(exec.Command(dockerBinary, "run", "busybox", "sh", "-c", "echo 1 >> /proc/timer_stats"))
- if err == nil || code == 0 {
- t.Fatal("standard container should not be able to write to /proc/timer_stats")
+ out, code, err := runCommandWithOutput(exec.Command(dockerBinary, "run", "busybox", "cat", "/proc/timer_stats"))
+ if err != nil || code != 0 {
+ t.Fatal(err)
 }
- logDone("run - ro write to /proc/timer_stats")
+ if strings.Trim(out, "\n ") != "" {
+ t.Fatalf("expected to receive no output from /proc/timer_stats but received %q", out)
+ }
+ logDone("run - read /proc/timer_stats")
 }

-func TestRunWriteToProcLatency(t *testing.T) {
- defer deleteAllContainers()
- code, err := runCommand(exec.Command(dockerBinary, "run", "busybox", "sh", "-c", "echo 1 >> /proc/latency_stats"))
- if err == nil || code == 0 {
- t.Fatal("standard container should not be able to write to /proc/latency_stats")
+func TestRunReadProcLatency(t *testing.T) {
+ // some kernels don't have this configured so skip the test if this file is not found
+ // on the host running the tests.
+ if _, err := os.Stat("/proc/latency_stats"); err != nil {
+ t.Skip()
+ return
 }
- logDone("run - ro write to /proc/latency_stats")
+ defer deleteAllContainers()
+ out, code, err := runCommandWithOutput(exec.Command(dockerBinary, "run", "busybox", "cat", "/proc/latency_stats"))
+ if err != nil || code != 0 {
+ t.Fatal(err)
+ }
+ if strings.Trim(out, "\n ") != "" {
+ t.Fatalf("expected to receive no output from /proc/latency_stats but received %q", out)
+ }
+ logDone("run - read /proc/latency_stats")
 }
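Review bot: `TestRunReadProcTimer` has no host-side existence check, while `TestRunReadProcLatency` skips when `/proc/latency_stats` is missing. If `/proc/timer_stats` is also kernel-configuration dependent (likely, but not shown here), `cat` exits non-zero on a host without it and the test fails for a reason unrelated to masking. Adding `if _, err := os.Stat("/proc/timer_stats"); err != nil { t.Skip() }` before the `defer` would make the two tests consistent. In both tests `t.Fatal(err)` drops `code` and `out`, and prints nothing useful if `err` is nil with a non-zero exit; `t.Fatalf("cat failed: %v (exit %d): %q", err, code, out)` would make a failure diagnosable. The `return` after `t.Skip()` is unreachable, because Skip already stops the test.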