diff --git a/test/e2e/qat/qatplugin_dpdk.go b/test/e2e/qat/qatplugin_dpdk.go
index df22ca6d..da5a66d3 100644
--- a/test/e2e/qat/qatplugin_dpdk.go
+++ b/test/e2e/qat/qatplugin_dpdk.go
@@ -57,13 +57,19 @@ func describeQatDpdkPlugin() {
 framework.RunKubectlOrDie(f.Namespace.Name, "--namespace", f.Namespace.Name, "apply", "-k", filepath.Dir(kustomizationPath))
 ginkgo.By("waiting for QAT plugin's availability")
- if _, err := e2epod.WaitForPodsWithLabelRunningReady(f.ClientSet, f.Namespace.Name,
- labels.Set{"app": "intel-qat-plugin"}.AsSelector(), 1 /* one replica */, 10*time.Second); err != nil {
+ podList, err := e2epod.WaitForPodsWithLabelRunningReady(f.ClientSet, f.Namespace.Name,
+ labels.Set{"app": "intel-qat-plugin"}.AsSelector(), 1 /* one replica */, 10*time.Second)
+ if err != nil {
 framework.DumpAllNamespaceInfo(f.ClientSet, f.Namespace.Name)
 kubectl.LogFailedContainers(f.ClientSet, f.Namespace.Name, framework.Logf)
 framework.Failf("unable to wait for all pods to be running and ready: %v", err)
 }
+ ginkgo.By("checking QAT plugin's securityContext")
+ if err := utils.TestPodsFileSystemInfo(podList.Items); err != nil {
+ framework.Failf("container filesystem info checks failed: %v", err)
+ }
+
 ginkgo.By("checking the resource is allocatable")
 if err := utils.WaitForNodesWithResource(f.ClientSet, "qat.intel.com/generic", 30*time.Second); err != nil {
 framework.Failf("unable to wait for nodes to have positive allocatable resource: %v", err)
diff --git a/test/e2e/utils/utils.go b/test/e2e/utils/utils.go
index 7499dcf9..d3e11036 100644
--- a/test/e2e/utils/utils.go
+++ b/test/e2e/utils/utils.go
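Review bot: The step label `checking QAT plugin's securityContext` in the qatplugin_dpdk.go hunk promises more than the call below it verifies. Per its doc comment in utils.go, `TestPodsFileSystemInfo` checks only the read-only root filesystem setting and logs writable volume mounts. A test log that reads like a full securityContext audit can hide that other fields were never asserted, so I would narrow the label to `ginkgo.By("checking QAT plugin's root filesystem is read-only")`. The utils.go hunk header shows a `TestContainersRunAsNonRoot` helper; whether it applies to this plugin is not visible here, so take that as a question rather than a request. describeQatDpdkPlugin starts and ends outside this hunk.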
@@ -173,3 +173,25 @@ func TestContainersRunAsNonRoot(pods []v1.Pod) error {
 }
 return nil
 }
+
+func printVolumeMounts(vm []v1.VolumeMount) {
+ for _, v := range vm {
+ if !v.ReadOnly {
+ framework.Logf("Available RW volume mounts: %v", v)
+ }
+ }
+}
+
+// TestPodsFileSystemInfo checks that all containers within the Pods run
+// with ReadOnlyRootFileSystem. It also prints RW volume mounts.
+func TestPodsFileSystemInfo(pods []v1.Pod) error {
+ for _, p := range pods {
+ for _, c := range append(p.Spec.InitContainers, p.Spec.Containers...) {
+ if !*c.SecurityContext.ReadOnlyRootFilesystem {
+ return fmt.Errorf("%s (container: %s): Writable root filesystem", p.Name, c.Name)
+ }
+ printVolumeMounts(c.VolumeMounts)
+ }
+ }
+ return nil
+}
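Review bot: `!*c.SecurityContext.ReadOnlyRootFilesystem` in TestPodsFileSystemInfo dereferences two pointers without a nil check, so a container with no securityContext, or one that leaves readOnlyRootFilesystem unset, panics the suite instead of returning the intended error. An unset field is exactly the writable-root case this check exists to catch, so it should be reported as a failure: `if sc := c.SecurityContext; sc == nil || sc.ReadOnlyRootFilesystem == nil || !*sc.ReadOnlyRootFilesystem {`. Separately, `append(p.Spec.InitContainers, p.Spec.Containers...)` can write into the InitContainers backing array when it has spare capacity; building a fresh slice avoids aliasing the pod spec. `printVolumeMounts` would also benefit from a one-line comment saying that it only logs writable mounts and never fails the test.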