Unable to pull container images with podman, buildah, or skopeo when McAfee is present

Solution Verified - Updated -


  • When McAfee Agent is installed and Red Hat container-tools such as podman are used to pull images, errors such as the following appear:
# podman pull docker.io/nginx
Trying to pull docker.io/library/nginx:latest...
Getting image source signatures
Copying blob b78b95af9b17 done
Copying blob c7d6bca2b8dc done
Copying blob cf16cd8e71e0 done
Copying blob aa1efa14b3bf done
Copying blob 0241c68333ef done
Copying blob f7ec5a41d630 done
Copying config 62d49f9bab done
Writing manifest to image destination
Storing signatures
  Error processing tar file(exit status 1): open /etc/passwd: permission denied
Error: Error committing the finished image: error adding layer with blob "sha256:f7ec5a41d630a33a2d1db59b95d89d93de7ae5a619a3a8571b78457e48266eba": Error processing tar file(exit status 1): open /etc/passwd: permission denied
  • In the situation described in this KnowledgeBase solution, the error appears to occur only when the McAfee Agent software, which consists of several services, binaries, and kernel modules, is loaded on the nodes.


  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • Red Hat OpenShift Container Platform
  • Podman, Buildah, Skopeo, Docker, and CRI-O
