diff --git a/runconfig/config.go b/runconfig/config.go
index 43de4bb998..c9dc6e96ea 100644
--- a/runconfig/config.go
+++ b/runconfig/config.go
@@ -79,6 +79,11 @@ func DecodeContainerConfig(src io.Reader) (*container.Config, *container.HostCon
 		return nil, nil, nil, err
 	}
 
+	// Validate ReadonlyRootfs
+	if err := validateReadonlyRootfs(hc); err != nil {
+		return nil, nil, nil, err
+	}
+
 	return w.Config, hc, w.NetworkingConfig, nil
 }
 
diff --git a/runconfig/hostconfig_unix.go b/runconfig/hostconfig_unix.go
index 9af32b8a6f..a60daa8787 100644
--- a/runconfig/hostconfig_unix.go
+++ b/runconfig/hostconfig_unix.go
@@ -103,3 +103,8 @@ func validateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error {
 func validatePrivileged(hc *container.HostConfig) error {
 	return nil
 }
+
+// validateReadonlyRootfs performs platform specific validation of the ReadonlyRootfs setting
+func validateReadonlyRootfs(hc *container.HostConfig) error {
+	return nil
+}
diff --git a/runconfig/hostconfig_windows.go b/runconfig/hostconfig_windows.go
index 63bc7523be..9ca93ae508 100644
--- a/runconfig/hostconfig_windows.go
+++ b/runconfig/hostconfig_windows.go
@@ -82,3 +82,15 @@ func validatePrivileged(hc *container.HostConfig) error {
 	}
 	return nil
 }
+
+// validateReadonlyRootfs performs platform specific validation of the ReadonlyRootfs setting
+func validateReadonlyRootfs(hc *container.HostConfig) error {
+	// We may not be passed a host config, such as in the case of docker commit
+	if hc == nil {
+		return nil
+	}
+	if hc.ReadonlyRootfs {
+		return fmt.Errorf("invalid --read-only: Windows does not support this feature")
+	}
+	return nil
+}