Bug 1262994 - docker-io remounts host /sys read-only
Summary: docker-io remounts host /sys read-only
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: docker-io
Version: el6
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Ivan Chavero
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2015-09-14 20:37 UTC by David Six
Modified: 2015-10-28 14:40 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 1214394
Environment:
Last Closed: 2015-10-28 14:40:47 UTC
Type: Bug
Embargoed:



Description David Six 2015-09-14 20:37:54 UTC
+++ This bug was initially created as a clone of Bug #1214394 +++

Description of problem: 

Running a container without --privileged will remount /sys as read only on the host machine.

Verified with docker-io-1.7.1-2.el6.x86_64 on RHEL 6.7

How reproducible: Always

Steps to Reproduce: 

1. Install docker-io
2. Start a container without --privileged (e.g. docker run -it --rm busybox date)
3. /sys is now mounted RO on the host

Expected results: 

/sys should be read-only within the container, but remain read-write for the host

Additional docker version information:

# docker info
Containers: 10
Images: 179
Storage Driver: devicemapper
 Pool Name: docker-253:0-27395432-pool
 Pool Blocksize: 65.54 kB
 Backing Filesystem: extfs
 Data file: /dev/loop0
 Metadata file: /dev/loop1
 Data Space Used: 8.951 GB
 Data Space Total: 107.4 GB
 Data Space Available: 98.42 GB
 Metadata Space Used: 10.13 MB
 Metadata Space Total: 2.147 GB
 Metadata Space Available: 2.137 GB
 Udev Sync Supported: true
 Deferred Removal Enabled: false
 Data loop file: /var/lib/docker/devicemapper/devicemapper/data
 Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
 Library Version: 1.02.95-RHEL6 (2015-07-29)
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 2.6.32-573.3.1.el6.x86_64
Operating System: <unknown>
CPUs: 2
Total Memory: 1.808 GiB
Name: -
ID: IHHZ:XJ2C:4JQL:AN6P:I7KG:7Y3P:FIEC:P5NK:QKSA:PTKR:CDHR:RILN

# docker version
Client version: 1.7.1
Client API version: 1.19
Go version (client): go1.4.2
Git commit (client): 786b29d/1.7.1
OS/Arch (client): linux/amd64
Server version: 1.7.1
Server API version: 1.19
Go version (server): go1.4.2
Git commit (server): 786b29d/1.7.1
OS/Arch (server): linux/amd64
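
Added example (not part of the original report, and not docker-io code): one way to check the host for the symptom described above by comparing the /sys entry in a saved copy of /proc/mounts with the current one. The function names mount_mode, sys_regressed and demo, and the /tmp/mounts.before path, are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the bug report.
# mount_mode MOUNTPOINT [TABLE]: print "ro", "rw" or "absent" for MOUNTPOINT
# according to a mounts table in /proc/mounts format (default: /proc/mounts).
mount_mode() {
    awk -v mp="$1" '
        $2 == mp {
            # Field 4 is the comma-separated option list. A later entry for
            # the same mount point is mounted on top, so the last one wins.
            mode = "rw"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "ro") mode = "ro"
            found = 1
        }
        END { print (found ? mode : "absent") }
    ' "${2:-/proc/mounts}"
}

# sys_regressed BEFORE AFTER: succeed only if /sys was rw in the BEFORE
# snapshot and is ro in the AFTER snapshot.
sys_regressed() {
    [ "$(mount_mode /sys "$1")" = "rw" ] && [ "$(mount_mode /sys "$2")" = "ro" ]
}

# Typical use on the host (the docker command is the one from step 2):
#   cp /proc/mounts /tmp/mounts.before
#   docker run -it --rm busybox date
#   sys_regressed /tmp/mounts.before /proc/mounts && echo "host /sys became read-only"

# Constructed snapshots (not taken from the report) to show the comparison.
demo() {
    d=$(mktemp -d)
    printf 'sysfs /sys sysfs rw,relatime 0 0\n' > "$d/before"
    printf 'sysfs /sys sysfs ro,relatime 0 0\n' > "$d/after"
    if sys_regressed "$d/before" "$d/after"; then r=regressed; else r=unchanged; fi
    rm -rf "$d"
    echo "$r"
}

# Report the current state when a mounts table is available.
if [ -r /proc/mounts ]; then
    echo "/sys on this system: $(mount_mode /sys)"
fi
```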

