@@ -4,7 +4,6 @@ import (

 	"context"

 	"github.com/containerd/containerd"

-	"github.com/containerd/containerd/containers"

 	"github.com/containerd/containerd/oci"

 	coci "github.com/containerd/containerd/oci"

 	"github.com/containerd/containerd/pkg/apparmor"

@@ -14,13 +13,6 @@ import (

 	specs "github.com/opencontainers/runtime-spec/specs-go"

 )

-func withResetAdditionalGIDs() oci.SpecOpts {

-	return func(_ context.Context, _ oci.Client, _ *containers.Container, s *oci.Spec) error {

-		s.Process.User.AdditionalGids = nil

-		return nil

-	}

-}

-

 func getUserFromContainerd(ctx context.Context, containerdCli *containerd.Client, ec *container.ExecConfig) (specs.User, error) {

 	ctr, err := containerdCli.LoadContainer(ctx, ec.Container.ID)

 	if err != nil {

@@ -39,7 +31,6 @@ func getUserFromContainerd(ctx context.Context, containerdCli *containerd.Client

 	opts := []oci.SpecOpts{

 		coci.WithUser(ec.User),

-		withResetAdditionalGIDs(),

 		coci.WithAdditionalGIDs(ec.User),

 		coci.WithAppendAdditionalGroups(ec.Container.HostConfig.GroupAdd...),

 	}