From 63b7fd79bd536d5888eedda31f5d50bafe43964e Mon Sep 17 00:00:00 2001
From: Pavel Busko <pavel.busko@sap.com>
Date: Tue, 14 Nov 2023 14:01:23 +0100
Subject: [PATCH] fix(cnbBuild): do not set supplementary groups for lifecycle
 (#4675)

Co-authored-by: Johannes Dillmann <j.dillmann@sap.com>
---
 cmd/cnbBuild.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/cmd/cnbBuild.go b/cmd/cnbBuild.go
index 4e0a943ba4..886f544886 100644
--- a/cmd/cnbBuild.go
+++ b/cmd/cnbBuild.go
@@ -583,8 +583,9 @@ func runCnbBuild(config *cnbBuildOptions, telemetry *buildpacks.Telemetry, image
 	creatorArgs = append(creatorArgs, fmt.Sprintf("%s:%s", containerImage, targetImage.ContainerImageTag))
 	attr := &syscall.SysProcAttr{
 		Credential: &syscall.Credential{
-			Uid: uint32(uid),
-			Gid: uint32(gid),
+			Uid:         uint32(uid),
+			Gid:         uint32(gid),
+			NoSetGroups: true,
 		},
 	}