diff --git a/hakoniwa-cli/src/embed/KISS-policy.toml b/hakoniwa-cli/src/embed/KISS-policy.toml
index aa88af8..1d14617 100644
--- a/hakoniwa-cli/src/embed/KISS-policy.toml
+++ b/hakoniwa-cli/src/embed/KISS-policy.toml
@@ -4,9 +4,9 @@ mounts = [
   { source = "/lib64"      , target = "/lib64"       },
   { source = "/usr"        , target = "/usr"         },
   { source = "/dev/null"   , target = "/dev/null"     , rw = true },
-  { source = "/dev/random" , target = "/dev/random"  },
-  { source = "/dev/urandom", target = "/dev/urandom" },
-  { source = "/dev/zero"   , target = "/dev/zero"    },
+  { source = "/dev/random" , target = "/dev/random"   , rw = true },
+  { source = "/dev/urandom", target = "/dev/urandom"  , rw = true },
+  { source = "/dev/zero"   , target = "/dev/zero"     , rw = true },
 ]
 
 [env]
diff --git a/hakoniwa/tests/sandbox_policy_test.rs b/hakoniwa/tests/sandbox_policy_test.rs
index 6c23530..0c0836c 100644
--- a/hakoniwa/tests/sandbox_policy_test.rs
+++ b/hakoniwa/tests/sandbox_policy_test.rs
@@ -56,12 +56,6 @@ mod sandbox_policy_test {
             assert_eq!(result.status, ExecutorResultStatus::Ok);
             assert_eq!(result.exit_code, Some(0));
             assert!(String::from_utf8_lossy(&result.stdout).contains("rw,"));
-
-            let mut executor = sandbox().command("findmnt", &["findmnt", "-n", "-T", "/dev/zero"]);
-            let result = executor.run();
-            assert_eq!(result.status, ExecutorResultStatus::Ok);
-            assert_eq!(result.exit_code, Some(0));
-            assert!(String::from_utf8_lossy(&result.stdout).contains("ro,"));
         }
 
         #[test]