Issue

It is not possible to pull the RHEL 6.7 container image, registry.access.redhat.com/rhel6.7. It fails with one of the following errors:

# docker run -ti registry.access.redhat.com/rhel6.7 bash
Unable to find image 'registry.access.redhat.com/rhel6.7:latest' locally
Trying to pull repository registry.access.redhat.com/rhel6.7 ... 
latest: Pulling from registry.access.redhat.com/rhel6.7
70d17a322519: Extracting [==================================================>] 61.43 MB/61.43 MB
/usr/bin/docker-current: failed to register layer: Error processing tar file(exit status 1): invalid argument.

# docker pull registry.access.redhat.com/rhel6.7
Using default tag: latest
Trying to pull repository registry.access.redhat.com/rhel6.7 ...
sha256:1e4631bcdf425bf7d6f70f5f228f372107cc9098368742923ce4acedebe0c145: Pulling from registry.access.redhat.com/rhel6.7
70d17a322519: Extracting [==================================================>] 61.43 MB/61.43 MB
failed to register layer: ApplyLayer exit status 1 stdout:  stderr: invalid argument

The SELinux status is Enforcing

# getenforce 
Enforcing

It is possible to see the following AVC message on the node

type=AVC msg=audit(1520853514.663:6200): avc:  denied  { mac_admin } for  pid=25799 comm="exe" capability=33  scontext=system_u:system_r:container_runtime_t:s0 tcontext=system_u:system_r:container_runtime_t:s0 tclass=capability2 permissive=0
type=SELINUX_ERR msg=audit(1520853514.663:6201): op=setxattr invalid_context="system_u:object_r:tzdata_exec_t:s0"

Once the SELinux is in Permissive/Disabled mode the 6.7 image works