+++ This bug was initially created as a clone of Bug #1965330 +++
Description of problem:
RHEL images now contain two files with security capabilities that are being set, as described here:
This results in failures during oc image extract because the extraction process can't set the capability on the extracted file (because the user doesn't have permission to do so):
$ oc image extract registry-proxy.engineering.redhat.com/rh-osbs/iib:76743
error: unable to extract layer sha256:53732dad4680ae165f569331357b89605c03583057db7193a7a4fabdf312f061 from registry-proxy.engineering.redhat.com/rh-osbs/iib:76743: operation not permitted
RHEL has since reversed this change because of the impact on OCP, but will want to re-assert the change once OCP is patched to tolerate these files/capabilities.
The fix to oc will need to be backported all the way to at least 4.6 to ensure customers have a working binary to consume.
Version-Release number of selected component (if applicable):
4.8 but expectation is that all versions are affected.
always (when using an image w/ these files/capabilities set)
permission failure extracting the image
files are extracted successfully
*** This bug has been marked as a duplicate of bug 1969929 ***