Prisma Cloud Compute: Failed to pull Image from Registry for Scanning with Error message 'Error processing tar file(exit status 1): operation not permitted'
Created On 01/27/23 05:24 AM - Last Modified 07/29/25 14:57 PM
Symptom
- Prisma Cloud Compute: Failed to pull image from registry for scanning, with the error message 'Error processing tar file(exit status 1): operation not permitted'.
- Defender logs also show other errors, such as 'Error committing the finished image: error adding layer with blob'.
ERRO YYYY-MM-DDT Failed to pull image: Error committing the finished image: error adding layer with blob "<SHA-ID of image>": Error processing tar file(exit status 1): operation not permitted
Environment
- Prisma Cloud Compute
Cause
- The Defender is not running as privileged.
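To confirm this cause before redeploying, the following added example (not Palo Alto Networks code) scans Defender log lines for the two error strings quoted under Symptom and checks a workload manifest, such as the JSON printed by `kubectl get daemonset <name> -o json`, for `securityContext.privileged`. The sample log lines, the blob value and the container name are constructed for illustration.

```python
import json
import re

# Error signatures quoted in the Symptom section of this article.
SIGNATURES = (
    "Error processing tar file(exit status 1): operation not permitted",
    "Error committing the finished image: error adding layer with blob",
)
BLOB_RE = re.compile(r'error adding layer with blob "([^"]+)"')


def find_pull_failures(log_lines):
    """Return (line, blob) for each log line that carries a signature."""
    hits = []
    for line in log_lines:
        if any(sig in line for sig in SIGNATURES):
            m = BLOB_RE.search(line)
            hits.append((line.strip(), m.group(1) if m else None))
    return hits


def unprivileged_containers(workload):
    """Names of containers whose securityContext.privileged is not true."""
    pod_spec = workload["spec"]["template"]["spec"]
    return [c["name"] for c in pod_spec.get("containers", [])
            if (c.get("securityContext") or {}).get("privileged") is not True]


def diagnose(log_lines, workload):
    """Tie the logged symptom to the cause named in this article."""
    hits = find_pull_failures(log_lines)
    unpriv = unprivileged_containers(workload)
    return {"failures": len(hits),
            "blobs": sorted({b for _, b in hits if b}),
            "unprivileged": unpriv,
            "matches_article_cause": bool(hits) and bool(unpriv)}


# Constructed sample input (not real Defender output or a real manifest).
SAMPLE_LOG = [
    'ERRO 2023-01-27T05:24:00 Failed to pull image: Error committing the finished image: '
    'error adding layer with blob "sha256:EXAMPLE": Error processing tar file(exit status 1): '
    'operation not permitted',
    'INFO 2023-01-27T05:25:00 Registry scan completed',
]
SAMPLE_DS = json.loads("""{"kind": "DaemonSet", "spec": {"template": {"spec": {"containers": [
  {"name": "defender-example", "securityContext": {"privileged": false}}]}}}}""")

if __name__ == "__main__":
    print(json.dumps(diagnose(SAMPLE_LOG, SAMPLE_DS), indent=2))
```

A result with `matches_article_cause` set to false while failures are still logged means the Defender is already privileged, so the SELinux and SCC options under Additional Information are the next things to check.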
Resolution
- Enable 'Run Defenders as privileged' during Defender deployment.
- Redeploy the Defender.
Additional Information
- You may also try enabling SELinux on the host and the 'Deploy Defenders with SELinux Policy' option during Defender deployment.
- In an OpenShift environment, update your SCC to use our SCC from the Helm charts (non-privileged). An SCC (security context constraint) is an OpenShift resource that restricts a pod to a group of resources and is similar to the Kubernetes security context resource.
- restricted: denies access to all host features and requires pods to be run with a UID and SELinux context that are allocated to the namespace. This is the most restrictive SCC and it is used by default for authenticated users.
- hostaccess: allows access to all host namespaces but still requires pods to be run with a UID and SELinux context that are allocated to the namespace. WARNING: this SCC allows host access to namespaces, file systems, and PIDs. It should only be used by trusted pods. Grant with caution.
- privileged: allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context. WARNING: this is the most relaxed SCC and should be used only for cluster administration. Grant with caution.
Suggestion: Test which permission level works best for your OpenShift environment and reach out to Red Hat Support with any questions about it.