+++ This bug was initially created as a clone of Bug #1965330 +++ Description of problem: RHEL images now contain two files with security capabilities that are being set, as described here: https://projects.engineering.redhat.com/browse/RHELBLD-4379 This results in failures during oc image extract because the extraction process can't set the capability on the extracted file (because the user doesn't have permission to do so): $ oc image extract registry-proxy.engineering.redhat.com/rh-osbs/iib:76743 error: unable to extract layer sha256:53732dad4680ae165f569331357b89605c03583057db7193a7a4fabdf312f061 from registry-proxy.engineering.redhat.com/rh-osbs/iib:76743: operation not permitted RHEL has since reversed this change because of the impact on OCP, but will want to re-assert the change once OCP is patched to tolerate these files/capabilities. The fix to oc will need to be backported all the way to at least 4.6 to ensure customers have a working binary to consume. Version-Release number of selected component (if applicable): 4.8 but expectation is that all versions are affected. How reproducible: always (when using an image w/ these files/capabilities set) Actual results: permission failure extracting the image Expected results: files are extracted successfully Additional info:
*** This bug has been marked as a duplicate of bug 1969929 ***