diff --git a/daemon/create.go b/daemon/create.go
index aa2c8790d8..5ccd2044b0 100644
--- a/daemon/create.go
+++ b/daemon/create.go
@@ -228,7 +228,7 @@ func (daemon *Daemon) create(ctx context.Context, daemonCfg *config.Config, opts
 ctr.ImageManifest = imgManifest
 // Set RWLayer for container after mount labels have been set
- rwLayer, err := daemon.imageService.CreateLayer(ctr, setupInitLayer(daemon.idMapping))
+ rwLayer, err := daemon.imageService.CreateLayer(ctr, setupInitLayer(daemon.idMapping.RootPair()))
 if err != nil {
 return nil, errdefs.System(err)
 }
diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go
index 15ba54874c..3150c5f6d2 100644
--- a/daemon/daemon_unix.go
+++ b/daemon/daemon_unix.go
@@ -41,7 +41,6 @@ import (
 "github.com/docker/docker/libnetwork/options"
 lntypes "github.com/docker/docker/libnetwork/types"
 "github.com/docker/docker/opts"
- "github.com/docker/docker/pkg/idtools"
 "github.com/docker/docker/pkg/sysinfo"
 "github.com/docker/docker/runconfig"
 volumemounts "github.com/docker/docker/volume/mounts"
@@ -1256,10 +1255,9 @@ func removeDefaultBridgeInterface() {
 }
 }
-func setupInitLayer(idMapping user.IdentityMapping) func(string) error {
+func setupInitLayer(uid int, gid int) func(string) error {
 return func(initPath string) error {
- uid, gid := idMapping.RootPair()
- return initlayer.Setup(initPath, idtools.Identity{UID: uid, GID: gid})
+ return initlayer.Setup(initPath, uid, gid)
 }
 }
diff --git a/daemon/daemon_windows.go b/daemon/daemon_windows.go
index 212eba3b50..33c7658f18 100644
--- a/daemon/daemon_windows.go
+++ b/daemon/daemon_windows.go
@@ -56,7 +56,7 @@ func (daemon *Daemon) parseSecurityOpt(daemonCfg *config.Config, securityOptions
 return nil
 }
-func setupInitLayer(idMapping user.IdentityMapping) func(string) error {
+func setupInitLayer(uid int, gid int) func(string) error {
 return nil
 }
diff --git a/daemon/initlayer/setup_unix.go b/daemon/initlayer/setup_unix.go
index 683f2a7a76..392cd5105c 100644
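Review bot: In daemon/daemon_unix.go, `setupInitLayer(uid int, gid int)` now takes two adjacent bare ints and has no doc comment saying what they identify, so a swapped pair at a call site would still compile and silently change who owns the init layer. A comment such as `// setupInitLayer returns a callback that populates the init layer with paths owned by uid:gid, the host IDs the container's root user maps to.` would state the contract; that wording is inferred from the `daemon.idMapping.RootPair()` call in create.go and should be confirmed. The same gap applies to `Setup(initLayerFs string, uid int, gid int)` in daemon/initlayer/setup_unix.go, whose doc comment (only partly visible in its hunk) does not appear to mention the new parameters. Note also that the root pair is now resolved when the callback is built rather than when it runs, which looks harmless only if the mapping is fixed for the daemon's lifetime.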
--- a/daemon/initlayer/setup_unix.go
+++ b/daemon/initlayer/setup_unix.go
@@ -7,7 +7,6 @@ import (
 "path/filepath"
 "strings"
- "github.com/docker/docker/pkg/idtools"
 "github.com/moby/sys/user"
 "golang.org/x/sys/unix"
 )
@@ -17,7 +16,7 @@ import (
 //
 // This extra layer is used by all containers as the top-most ro layer. It protects
 // the container from unwanted side-effects on the rw layer.
-func Setup(initLayerFs string, rootIdentity idtools.Identity) error {
+func Setup(initLayerFs string, uid int, gid int) error {
 // Since all paths are local to the container, we can just extract initLayerFs.Path()
 initLayer := initLayerFs
@@ -42,12 +41,12 @@ func Setup(initLayerFs string, rootIdentity idtools.Identity) error {
 if _, err := os.Stat(filepath.Join(initLayer, pth)); err != nil {
 if os.IsNotExist(err) {
- if err := user.MkdirAllAndChown(filepath.Join(initLayer, filepath.Dir(pth)), 0o755, rootIdentity.UID, rootIdentity.GID, user.WithOnlyNew); err != nil {
+ if err := user.MkdirAllAndChown(filepath.Join(initLayer, filepath.Dir(pth)), 0o755, uid, gid, user.WithOnlyNew); err != nil {
 return err
 }
 switch typ {
 case "dir":
- if err := user.MkdirAllAndChown(filepath.Join(initLayer, pth), 0o755, rootIdentity.UID, rootIdentity.GID, user.WithOnlyNew); err != nil {
+ if err := user.MkdirAllAndChown(filepath.Join(initLayer, pth), 0o755, uid, gid, user.WithOnlyNew); err != nil {
 return err
 }
 case "file":
@@ -55,7 +54,7 @@ func Setup(initLayerFs string, rootIdentity idtools.Identity) error {
 if err != nil {
 return err
 }
- f.Chown(rootIdentity.UID, rootIdentity.GID)
+ f.Chown(uid, gid)
 f.Close()
 default:
 if err := os.Symlink(typ, filepath.Join(initLayer, pth)); err != nil {
diff --git a/plugin/manager_linux.go b/plugin/manager_linux.go
index fa44cca969..a2bb166f26 100644
--- a/plugin/manager_linux.go
+++ b/plugin/manager_linux.go
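Review bot: The `f.Chown(uid, gid)` line in the `case "file":` branch of Setup still discards its error, as does the `f.Close()` after it, so a failed chown leaves the new file with whatever owner it was created with (presumably the daemon's own user) while Setup reports success. Since the line is being rewritten anyway, check it: `if err := f.Chown(uid, gid); err != nil { f.Close(); return err }`, and return the `f.Close()` error on the success path. The directory branches in the previous hunk already propagate the error from `user.MkdirAllAndChown`, so this would make the file branch consistent with them. Setup's body starts and ends outside this hunk, and the call that creates `f` is not visible here.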
@@ -13,7 +13,6 @@ import (
 "github.com/docker/docker/api/types"
 "github.com/docker/docker/daemon/initlayer"
 "github.com/docker/docker/errdefs"
- "github.com/docker/docker/pkg/idtools"
 "github.com/docker/docker/pkg/plugins"
 "github.com/docker/docker/pkg/stringid"
 v2 "github.com/docker/docker/plugin/v2"
@@ -55,7 +54,7 @@ func (pm *Manager) enable(p *v2.Plugin, c *controller, force bool) error {
 }
 rootFS := filepath.Join(pm.config.Root, p.PluginObj.ID, rootFSFileName)
- if err := initlayer.Setup(rootFS, idtools.Identity{UID: 0, GID: 0}); err != nil {
+ if err := initlayer.Setup(rootFS, 0, 0); err != nil {
 return errors.WithStack(err)
 }
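Review bot: `initlayer.Setup(rootFS, 0, 0)` in `enable` replaces the labelled `idtools.Identity{UID: 0, GID: 0}` with two positional zeros, so the call no longer says that the plugin rootfs is created as host root rather than through the daemon's identity mapping. A short comment above the call, e.g. `// Plugin rootfs paths are owned by host root (0:0); the daemon's ID mapping is not applied here.`, would keep that visible to anyone auditing user-namespace behaviour. Whether bypassing the mapping is intended cannot be confirmed from this hunk, and `enable` continues outside it.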