diff --git a/focker/compose.py b/focker/compose.py
index 0175268..f3566fd 100644
--- a/focker/compose.py
+++ b/focker/compose.py
@@ -77,6 +77,11 @@ def build_volumes(spec):
             os.chmod(mountpoint, params['chmod'])
         if 'zfs' in params:
             zfs_set_props(name, params['zfs'])
+        if 'protect' in params:
+            if params['protect']:
+                zfs_set_props(name, { 'focker:protect': 'on' })
+            else:
+                zfs_run(['zfs', 'inherit', '-r', 'focker:protect', name])
 
 
 def build_images(spec, path, args):
diff --git a/tests/test_compose.py b/tests/test_compose.py
index 07f6962..596fdb8 100644
--- a/tests/test_compose.py
+++ b/tests/test_compose.py
@@ -122,6 +122,7 @@ def test_build_volumes():
         'test-build-volumes': {
             'chown': '65534:65534',
             'chmod': 0o123,
+            'protect': True,
             'zfs': {
                 'quota': '1G',
                 'readonly': 'on'
@@ -134,9 +135,10 @@ def test_build_volumes():
     assert st.st_uid == 65534
     assert st.st_gid == 65534
     assert ('%o' % st.st_mode)[-3:] == '123'
-    zst = zfs_parse_output(['zfs', 'get', '-H', 'quota,readonly', name])
+    zst = zfs_parse_output(['zfs', 'get', '-H', 'quota,readonly,focker:protect', name])
     assert zst[0][2] == '1G'
     assert zst[1][2] == 'on'
+    assert zst[2][2] == 'on'
     subprocess.check_output(['zfs', 'destroy', '-r', '-f', name])