Copy from bug #535992: Jan 8 01:37:29 testbed kernel: [28549.837071] audit: type=1400 audit(1420702649.391:1264): avc: denied { search } for pid=10336 comm="lvcreate" name="/" dev="tmpfs" ino=5425 ipaddr=173.173.113.156 scontext=root:sysadm_r:lvm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 There is no direct reason why LVM utilities would search through cgroup location (the node that the denial mentions is /sys/fs/cgroup). A grep through the LVM2 sources does not talk about cgroups. This might be glibc related, but the glibc code does not often talk about cgroups and it is not clear to me when or why it would occur. Reproducible: Always