The RHEL 6.7 docker image pull fails with "invalid argument" message in Enforcing mode

Solution Verified - Updated -

Issue

It is not possible to pull the RHEL 6.7 container image, registry.access.redhat.com/rhel6.7. It fails with one of the following errors:

# docker run -ti registry.access.redhat.com/rhel6.7 bash
Unable to find image 'registry.access.redhat.com/rhel6.7:latest' locally
Trying to pull repository registry.access.redhat.com/rhel6.7 ... 
latest: Pulling from registry.access.redhat.com/rhel6.7
70d17a322519: Extracting [==================================================>] 61.43 MB/61.43 MB
/usr/bin/docker-current: failed to register layer: Error processing tar file(exit status 1): invalid argument.
# docker pull registry.access.redhat.com/rhel6.7
Using default tag: latest
Trying to pull repository registry.access.redhat.com/rhel6.7 ...
sha256:1e4631bcdf425bf7d6f70f5f228f372107cc9098368742923ce4acedebe0c145: Pulling from registry.access.redhat.com/rhel6.7
70d17a322519: Extracting [==================================================>] 61.43 MB/61.43 MB
failed to register layer: ApplyLayer exit status 1 stdout:  stderr: invalid argument

The SELinux status is Enforcing

# getenforce 
Enforcing

It is possible to see the following AVC message on the node

type=AVC msg=audit(1520853514.663:6200): avc:  denied  { mac_admin } for  pid=25799 comm="exe" capability=33  scontext=system_u:system_r:container_runtime_t:s0 tcontext=system_u:system_r:container_runtime_t:s0 tclass=capability2 permissive=0
type=SELINUX_ERR msg=audit(1520853514.663:6201): op=setxattr invalid_context="system_u:object_r:tzdata_exec_t:s0"

Once the SELinux is in Permissive/Disabled mode the 6.7 image works

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux Atomic Host
  • docker
  • registry.access.redhat.com/rhel6.7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content