diff --git a/internal/shared/util/image/filters.go b/internal/shared/util/image/filters.go
index e32c7fca2..1bf282693 100644
--- a/internal/shared/util/image/filters.go
+++ b/internal/shared/util/image/filters.go
@@ -23,6 +23,8 @@ func forceOwnershipRWX() archive.Filter {
 		h.Uid = uid
 		h.Gid = gid
 		h.Mode |= 0700
+		h.PAXRecords = nil
+		h.Xattrs = nil //nolint:staticcheck
 		return true, nil
 	}
 }
diff --git a/internal/shared/util/image/filters_test.go b/internal/shared/util/image/filters_test.go
index 10d97455d..d3e81be5b 100644
--- a/internal/shared/util/image/filters_test.go
+++ b/internal/shared/util/image/filters_test.go
@@ -2,11 +2,39 @@ package image
 
 import (
 	"archive/tar"
+	"os"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"k8s.io/apimachinery/pkg/util/rand"
 )
 
+func TestForceOwnershipRWX(t *testing.T) {
+	h := tar.Header{
+		Name: "foo/bar",
+		Mode: 0000,
+		Uid:  rand.Int(),
+		Gid:  rand.Int(),
+		Xattrs: map[string]string{ //nolint:staticcheck
+			"foo": "bar",
+		},
+		PAXRecords: map[string]string{
+			"fizz": "buzz",
+		},
+	}
+	ok, err := forceOwnershipRWX()(&h)
+	require.NoError(t, err)
+	assert.True(t, ok)
+
+	assert.Equal(t, "foo/bar", h.Name)
+	assert.Equal(t, int64(0700), h.Mode)
+	assert.Equal(t, os.Getuid(), h.Uid)
+	assert.Equal(t, os.Getgid(), h.Gid)
+	assert.Nil(t, h.PAXRecords)
+	assert.Nil(t, h.Xattrs) //nolint:staticcheck
+}
+
 func TestOnlyPath(t *testing.T) {
 	type testCase struct {
 		name       string