-
Bug
-
Resolution: Unresolved
-
Normal
-
rhel-10.0.beta
-
None
-
No
-
Moderate
-
1
-
rhel-sst-security-selinux
-
ssg_security
-
1
-
False
-
-
None
-
SELINUX 241127 - 241218
-
None
-
Needed
-
None
-
None
https://bugzilla.redhat.com/show_bug.cgi?id=2323728
Running `fixfiles` results in errors from grep:
```
$ sudo fixfiles -B onboot
grep: Invalid back reference
grep: Invalid back reference
grep: Invalid back reference
grep: Invalid back reference
System will relabel on next boot
```I tracked it down to lines 48 and 50 in /usr/sbin/fixfiles and found that the command `grep " $i " /proc/self/mounts` produces these errors when the variable FS contains luks-encrypted filesystems.
Reproducible: Always
Steps to Reproduce:
To reproduce, one can simulate the error:```
$ FS=("/run/credentials/systemd-cryptsetup@luks\134xsomeothercontent.service")
$ for i in $FS; do grep " $i " /proc/self/mounts | echo $i; done
/run/credentials/systemd-cryptsetup@luks\134xsomeothercontent.service
grep: Invalid back reference
```
Actual Results:
An error message appears when fixfiles is run with a luks-encrypted filesystem.Expected Results:
There should be no error from grep when running fixfiles.Changing `grep " $i " /proc/self/mounts` to `grep -F " $i " /proc/self/mounts` seems to fix the error, but I do not know if using `-F` is the correct behavior.
Since `fixfiles` is an optional post-upgrade action documented at https://docs.fedoraproject.org/en-US/quick-docs/upgrading-fedora-offline/#sect-relabel-files-with-the-latest-selinux-policy , and since filesystem encryption is somewhat common, this should be listed in the CommonBugs.
