diff --git a/docker/allow/container.go b/docker/allow/container.go index b525d6bc..32797468 100644 --- a/docker/allow/container.go +++ b/docker/allow/container.go @@ -4,6 +4,7 @@ import ( "fmt" "net" "path" + "path/filepath" "strings" "github.com/docker/docker/api/types/container" @@ -45,6 +46,7 @@ func ContainerCreate(req authorization.Request, config *types.Config) *types.All for _, b := range cc.HostConfig.Binds { vol := strings.Split(b, ":") + vol[0], _ = filepath.Abs(vol[0]) if !AllowVolume(vol[0], config) { return &types.AllowResult{ Allow: false, @@ -427,6 +429,11 @@ func AllowVolume(vol string, config *types.Config) bool { return false } + evaluatedVol, _ := filepath.EvalSymlinks(vol) + if strings.Compare(vol, evaluatedVol) != 0 { + return false + } + // Check for one volume path vo := objtypes.VolumeOptions{ Recursive: false,
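Review bot: The added `vol[0], _ = filepath.Abs(vol[0])` in the ContainerCreate hunk discards the error, and on failure Abs returns an empty string, so the decision then depends on how AllowVolume happens to treat `""`. Fail closed instead: `abs, err := filepath.Abs(vol[0])`, return the same deny result used just below when `err != nil`, and only then assign `vol[0] = abs`. Abs also resolves a relative source against the authorization plugin's own working directory, and a bind whose first field is a volume name rather than a path would be rewritten into a path under that directory before the policy check. A comment stating which of these cases are expected would help. The loop body and the rest of ContainerCreate continue outside the hunk.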
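Review bot: In the AllowVolume hunk the error from `filepath.EvalSymlinks` is dropped, so a source path that does not exist yet, or that the plugin cannot read, yields an empty `evaluatedVol` and is denied as a side effect of the comparison rather than by a visible rule. Make the decision explicit with `evaluatedVol, err := filepath.EvalSymlinks(vol)` and `if err != nil || evaluatedVol != vol { return false }`; this also replaces `strings.Compare(...) != 0` with plain `!=`. The equality test only holds when `vol` is already absolute and cleaned, which the ContainerCreate hunk arranges for that caller; any other caller of AllowVolume is outside this diff and should be confirmed. Add a comment noting that the symlink check reflects the filesystem as the plugin sees it at authorization time, so it assumes the plugin shares the daemon's view of the host and does not cover a path that changes before the mount happens. AllowVolume begins and ends outside the hunk.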