diff --git a/rock/deployments/docker.py b/rock/deployments/docker.py
index 9783a25d..e3e23c4d 100644
--- a/rock/deployments/docker.py
+++ b/rock/deployments/docker.py
@@ -353,7 +353,7 @@ def _prepare_volume_mounts(self) -> list[str]:
 local_path = config["local"]
 container_path = config["container"]
 if os.path.exists(local_path):
- volume_args.extend(["-v", f"{local_path}:{container_path}"])
+ volume_args.extend(["-v", f"{local_path}:{container_path}:ro"])
 logger.info(f"volume_args: {volume_args}")
 return volume_args
diff --git a/rock/deployments/runtime_env.py b/rock/deployments/runtime_env.py
index 27ad4648..d27a4acb 100644
--- a/rock/deployments/runtime_env.py
+++ b/rock/deployments/runtime_env.py
@@ -63,7 +63,7 @@ def get_rocklet_start_cmd(self):
 Makes the docker_run.sh script executable and executes it.
 """
- cmd = "chmod +x /tmp/local_files/docker_run.sh && /tmp/local_files/docker_run.sh"
+ cmd = "cp /tmp/local_files/docker_run.sh /tmp/docker_run.sh && chmod +x /tmp/docker_run.sh && /tmp/docker_run.sh"
 return cmd
@@ -118,7 +118,7 @@ def get_rocklet_start_cmd(self):
 Makes the docker_run.sh script executable and executes it.
 """
- cmd = "chmod +x /tmp/local_files/docker_run.sh && /tmp/local_files/docker_run.sh"
+ cmd = "cp /tmp/local_files/docker_run.sh /tmp/docker_run.sh && chmod +x /tmp/docker_run.sh && /tmp/docker_run.sh"
 return cmd
@@ -165,8 +165,9 @@ def get_rocklet_start_cmd(self):
 container_project_root = f"/tmp{self._runtime_config.project_root}"
 cmd = (
- f"chmod +x /tmp/local_files/docker_run_with_uv.sh && "
- f"/tmp/local_files/docker_run_with_uv.sh '{container_project_root}'"
+ f"cp /tmp/local_files/docker_run_with_uv.sh /tmp/docker_run_with_uv.sh &&"
+ f"chmod +x /tmp/docker_run_with_uv.sh && "
+ f"/tmp/docker_run_with_uv.sh '{container_project_root}'"
 )
 return cmd
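Review bot: The `:ro` suffix in the `@@ -353` hunk of docker.py is hard-coded for every entry that `_prepare_volume_mounts` emits, so a mount config that expects the container to write back to the host path (logs, caches, build output) now fails with no way to opt out. If such mounts exist, take the mode from the config and keep read-only as the default, for example `mode = "ro" if config.get("read_only", True) else "rw"` followed by `f"{local_path}:{container_path}:{mode}"`; `read_only` is a proposed key, not one visible in this hunk. The function body starts outside the hunk, so other callers or config sources cannot be checked from here.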
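Review bot: The docstring directly above the changed line in the `@@ -63` hunk of runtime_env.py still reads "Makes the docker_run.sh script executable and executes it", which no longer matches a command that first copies the script out of `/tmp/local_files` and then runs the copy; the `@@ -118` hunk carries the same stale sentence. Suggest `Copies docker_run.sh out of the read-only /tmp/local_files mount, marks the copy executable and runs it.` in both places, so the reason for the extra `cp` is recorded next to the command. The docstring begins outside the hunk, so its first line cannot be checked here.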
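Review bot: The first added f-string in the `@@ -165` hunk ends in `&&"` with no trailing space, so the joined command reads `/tmp/docker_run_with_uv.sh &&chmod +x ...`; a POSIX shell still parses this, but it differs from the next fragment and is easy to break on the next edit, so write `f"cp /tmp/local_files/docker_run_with_uv.sh /tmp/docker_run_with_uv.sh && "`. On the last added line `container_project_root` is still interpolated between bare single quotes; if `project_root` can ever contain a quote character, building the argument with `shlex.quote(container_project_root)` would avoid a broken or altered command (this needs `shlex` imported, which is not visible from this hunk).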
@@ -188,5 +189,5 @@ def get_volume_mounts(self):
 return mount_configs
 def get_rocklet_start_cmd(self):
- cmd = "chmod +x /tmp/local_files/docker_run_with_pip.sh && /tmp/local_files/docker_run_with_pip.sh"
+ cmd = "cp /tmp/local_files/docker_run_with_pip.sh /tmp/docker_run_with_pip.sh && chmod +x /tmp/docker_run_with_pip.sh && /tmp/docker_run_with_pip.sh"
 return cmd
diff --git a/tests/integration/sdk/sandbox/test_sdk_client.py b/tests/integration/sdk/sandbox/test_sdk_client.py
index 78ec04a1..6bd2720d 100644
--- a/tests/integration/sdk/sandbox/test_sdk_client.py
+++ b/tests/integration/sdk/sandbox/test_sdk_client.py
@@ -34,3 +34,23 @@ async def test_arun_timeout(sandbox_instance: Sandbox):
 assert resp.output.__contains__("Command execution failed due to timeout")
 await sandbox_instance.stop()
+
+@pytest.mark.need_admin
+@SKIP_IF_NO_DOCKER
+@pytest.mark.asyncio
+async def test_update_mount(sandbox_instance: Sandbox):
+ with pytest.raises(Exception) as exc_info:
+ await sandbox_instance.arun(session="default", cmd="rm -rf /tmp/miniforge/bin")
+ assert "Read-only file system" in str(exc_info.value)
+
+ with pytest.raises(Exception) as exc_info:
+ await sandbox_instance.arun(session="default", cmd="rm -rf /tmp/local_files/docker_run.sh")
+ assert "Read-only file system" in str(exc_info.value)
+
+ with pytest.raises(Exception) as exc_info:
+ await sandbox_instance.arun(session="default", cmd="chmod +x /tmp/local_files/docker_run.sh")
+ assert "Read-only file system" in str(exc_info.value)
+
+ with pytest.raises(Exception) as exc_info:
+ await sandbox_instance.arun(session="default", cmd="touch /tmp/local_files/test.txt")
+ assert "Read-only file system" in str(exc_info.value)
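Review bot: In the `@@ -188` hunk of runtime_env.py the file that actually gets executed is now a writable copy at the fixed path `/tmp/docker_run_with_pip.sh`, so the read-only mount protects the source but not the script that runs; the `@@ -63`, `@@ -118` and `@@ -165` hunks follow the same pattern. That is fine for a one-shot start, but if this command can be issued again in the same container it would run whatever the sandboxed workload left at that path. If the script's interpreter is known, running it straight from the mount avoids both the copy and the `chmod`, e.g. `cmd = "bash /tmp/local_files/docker_run_with_pip.sh"` (assuming a bash script; the script itself is not shown).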
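Review bot: The two `rm -rf` probes in `test_update_mount` are destructive on their failure path: if the `:ro` flag ever regresses, the test deletes `/tmp/miniforge/bin` and `docker_run.sh` from the bind-mounted host directories instead of just failing. The `chmod +x` probe already proves the same property without that risk, and the `touch` probe at worst leaves one stray file behind, so the `rm -rf` cases can be dropped or pointed at a throwaway path. `pytest.raises(Exception)` also assumes `arun` raises on a non-zero exit, whereas `test_arun_timeout` just above reads the failure from `resp.output`; if `arun` returns a response here, assert on the output instead, e.g. `assert "Read-only file system" in resp.output`. Indentation is lost in this view, so confirm each `assert ... in str(exc_info.value)` sits outside its `with` block, otherwise it never runs.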