diff --git a/pkg/server/container_create.go b/pkg/server/container_create.go
index 3e5367936..4189cd860 100644
--- a/pkg/server/container_create.go
+++ b/pkg/server/container_create.go
@@ -186,7 +186,7 @@ func (c *criService) CreateContainer(ctx context.Context, r *runtime.CreateConta
 if len(volumeMounts) > 0 {
 mountMap := make(map[string]string)
 for _, v := range volumeMounts {
- mountMap[v.HostPath] = v.ContainerPath
+ mountMap[filepath.Clean(v.HostPath)] = v.ContainerPath
 }
 opts = append(opts, customopts.WithVolumes(mountMap))
 }
@@ -750,7 +750,7 @@ func setOCIBindMountsPrivileged(g *generator) {
 spec := g.Config
 // clear readonly for /sys and cgroup
 for i, m := range spec.Mounts {
- if spec.Mounts[i].Destination == "/sys" {
+ if filepath.Clean(spec.Mounts[i].Destination) == "/sys" {
 clearReadOnly(&spec.Mounts[i])
 }
 if m.Type == "cgroup" {
@@ -908,7 +908,7 @@ func defaultRuntimeSpec(id string) (*runtimespec.Spec, error) {
 // TODO(random-liu): Mount tmpfs for /run and handle copy-up.
 var mounts []runtimespec.Mount
 for _, mount := range spec.Mounts {
- if mount.Destination == "/run" {
+ if filepath.Clean(mount.Destination) == "/run" {
 continue
 }
 mounts = append(mounts, mount)
diff --git a/pkg/server/container_create_test.go b/pkg/server/container_create_test.go
index 040f42757..5c4ad377d 100644
--- a/pkg/server/container_create_test.go
+++ b/pkg/server/container_create_test.go
@@ -307,7 +307,8 @@ func TestContainerSpecWithExtraMounts(t *testing.T) {
 config, sandboxConfig, imageConfig, specCheck := getCreateContainerTestData()
 c := newTestCRIService()
 mountInConfig := &runtime.Mount{
- ContainerPath: "test-container-path",
+ // Test cleanpath
+ ContainerPath: "test-container-path/",
 HostPath: "test-host-path",
 Readonly: false,
 }
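Review bot: In the `@@ -186` hunk of CreateContainer only the map key is normalised; `v.ContainerPath` is stored exactly as given, so a destination written with a trailing slash still reaches `customopts.WithVolumes` in that form while isInCRIMounts (helpers.go, same commit) now compares cleaned paths. Unless WithVolumes normalises the destination itself, which is not visible here, I would write `mountMap[filepath.Clean(v.HostPath)] = filepath.Clean(v.ContainerPath)`. Cleaning the key also means two host paths that differ only lexically now collapse into one entry with the later one winning silently; a one-line comment saying that is intended would help. The function starts and ends outside the hunk.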
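Review bot: In setOCIBindMountsPrivileged (`@@ -750`) the check that decides which mount loses its read-only flag is now a lexical normalisation, but the comment above it still reads like an exact match. `filepath.Clean` folds `/sys/` and `/sys/.` into `/sys` yet does not resolve symlinks or anchor a relative destination, so I would state that: `// clear readonly for /sys and cgroup; destinations are compared after filepath.Clean (lexical only, symlinks are not resolved)`. The condition can also read `filepath.Clean(m.Destination)`, since `m` is already bound by the range, keeping `spec.Mounts[i]` only where the element is mutated. The same comment wording applies to the `/run` filter in defaultRuntimeSpec (`@@ -908`). Both functions continue outside their hunks.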
@@ -334,7 +335,7 @@ func TestContainerSpecWithExtraMounts(t *testing.T) {
 specCheck(t, testID, testSandboxID, testPid, spec)
 var mounts, sysMounts, devMounts []runtimespec.Mount
 for _, m := range spec.Mounts {
- if m.Destination == "test-container-path" {
+ if strings.HasPrefix(m.Destination, "test-container-path") {
 mounts = append(mounts, m)
 } else if m.Destination == "/sys" {
 sysMounts = append(sysMounts, m)
@@ -499,6 +500,21 @@ func TestGenerateVolumeMounts(t *testing.T) {
 "/test-volume-2",
 },
 },
+ "should compare and return cleanpath": {
+ criMounts: []*runtime.Mount{
+ {
+ ContainerPath: "/test-volume-1",
+ HostPath: "/test-hostpath-1",
+ },
+ },
+ imageVolumes: map[string]struct{}{
+ "/test-volume-1/": {},
+ "/test-volume-2/": {},
+ },
+ expectedMountDest: []string{
+ "/test-volume-2/",
+ },
+ },
 } {
 t.Logf("TestCase %q", desc)
 config := &imagespec.ImageConfig{
diff --git a/pkg/server/helpers.go b/pkg/server/helpers.go
index 51e4a8d0c..06fb9f22b 100644
--- a/pkg/server/helpers.go
+++ b/pkg/server/helpers.go
@@ -374,7 +374,7 @@ func checkSelinuxLevel(level string) (bool, error) {
 // isInCRIMounts checks whether a destination is in CRI mount list.
 func isInCRIMounts(dst string, mounts []*runtime.Mount) bool {
 for _, m := range mounts {
- if m.ContainerPath == dst {
+ if filepath.Clean(m.ContainerPath) == filepath.Clean(dst) {
 return true
 }
 }
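Review bot: The `strings.HasPrefix(m.Destination, "test-container-path")` filter in the `@@ -334` hunk of TestContainerSpecWithExtraMounts no longer pins which Destination the spec carries: it accepts `test-container-path`, `test-container-path/` and any longer path with that prefix. The test therefore passes whether or not the trailing slash added to `ContainerPath` in the `@@ -307` hunk is cleaned, unless an assertion outside the hunk checks the exact value. I would compare against the single form the generated spec is meant to hold, e.g. `if m.Destination == "test-container-path" {` if the cleaned form is the contract, and extend the `// Test cleanpath` comment on the input to name that expected form. The test function continues outside the hunk.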
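Review bot: The new TestGenerateVolumeMounts case `should compare and return cleanpath` (`@@ -499`) expects `"/test-volume-2/"` in `expectedMountDest`, so the returned destination keeps its trailing slash, which contradicts the "return cleanpath" half of the name. Either rename the case to something like `should compare cleaned paths`, or, if the function under test is meant to normalise what it returns, expect `"/test-volume-2"`. A second case with the slash on the CRI side (`ContainerPath: "/test-volume-1/"` against an image volume `/test-volume-1`) would exercise the other operand of the comparison in isInCRIMounts.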
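Review bot: In isInCRIMounts (helpers.go, `@@ -374`) `filepath.Clean(dst)` is recomputed on every loop iteration, and the doc comment still describes an exact match. I would hoist it with `dst = filepath.Clean(dst)` before the `for` and compare `filepath.Clean(m.ContainerPath) == dst`. The comment can then read `// isInCRIMounts checks whether a destination is in CRI mount list, comparing lexically cleaned paths.` so callers know symlinks are not resolved. The end of the function is outside the hunk.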