Description of problem:
Something creates the directory '/dev/dev'. Inside it is a symbolic link to the disk device 'sda2' - a swap partition.
The link is called 'resume' but points to '../../sda2'.
Obviously '../..' takes us to the root partition, where 'sda2' does not exist.
I suspect it should point to '../sda2', which does exist.


Version-Release number of selected component (if applicable):
util-linux-2.24-2.fc20.x86_64
filesystem-3.2-19.fc20.x86_64

How reproducible:
Not sure! I cannot see what is creating '/dev/dev'.

Steps to Reproduce:
1.Install F20
2.
3.

Actual results:
As above in description - '/dev/dev' is created, but contains an invalid link.
Some info:
# ls -ldZ /dev/dev
drwxr-xr-x. root root system_u:object_r:device_t:s0    /dev/dev

# rpm -qf /dev/dev
file /dev/dev is not owned by any package

cd /dev/dev
# ls -lZ
lrwxrwxrwx. root root system_u:object_r:device_t:s0    resume -> ../../sda2

# ls -l ../../sda2
ls: cannot access ../../sda2: No such file or directory

# ls -l ../sda2
brw-rw----. 1 root disk 8, 2 Dec 28 18:44 ../sda2

# swapon -s
Filename                                Type            Size    Used    Priority
/dev/sda2                               partition       8388604 0       0
/dev/sdc2                               partition       8388604 0       0


Expected results:
I suspect '/dev/dev' should not exist?


Additional info:
I have only just installed F20, but 'rkhunter' detects '/dev/dev' as part of a rootkit. This is how I noticed the problem.
Using 'swapon -s' shows both my swap partitions (sda2 and sdc2) as being available.
Commenting out the 'sda2' entry from '/etc/fstab', then rebooting, makes no difference. The '/dev/dev' directory and invalid link are still created.
Booting to single user mode also made no difference - directory and link were still there.