Check how /dev is mounted.   (cat /proc/mounts)
Check /dev/mapper nodes are right (ls -l;  dmsetup info -c)

And is selinux enabled? If so, is it logging any errors?

turned out fixfiles restore /dev/mapper/* fixed this.

doesn't feel right.

Duplicate of bug 156862 ?

*** This bug has been marked as a duplicate of 156862 ***

udev-057-4, which fixes bug 156862, does not resolve this.

the problem here is that newly-created volumes have the wrong security context.
for example:

[root@blast ~]# lvcreate -n dummy -L 100M VolGroup00
  Rounding up size to full physical extent 128.00 MB
  Logical volume "dummy" created
[root@blast ~]# ls --lcontext /dev/mapper/VolGroup00-*
brw-rw----  1 root:object_r:device_t           root disk 253, 3 May  7 09:59
/dev/mapper/VolGroup00-dummy
brw-rw----  1 system_u:object_r:fixed_disk_device_t root disk 253, 0 May  4
18:00 /dev/mapper/VolGroup00-fc4i386
brw-rw----  1 system_u:object_r:fixed_disk_device_t root disk 253, 2 May  5
20:47 /dev/mapper/VolGroup00-fc4x86_64
brw-rw----  1 system_u:object_r:fixed_disk_device_t root disk 253, 1 May  4
18:00 /dev/mapper/VolGroup00-swap

the 'dummy' volume has the wrong security context, and selinux won't let me
format it. lvm or udev, whichever is responsible for creating the device node,
needs to take care of the security context, not just the old unix permissions.

a reboot between lvcreate and ls --lcontext works around the problem: the volume
appears with the correct security context.

If lvm2 creates it, the security context should get set correctly (this happens
inside libdevmapper).

Did you add some udev rules that are interfering with lvm2 operations?

Run the lvcreate command with debugging enabled (-vvvv) and add 'activate = 1'
to the log section of /etc/lvm/lvm.conf.  [Remove that entry afterwards]
Look for the 'Setting SELinux context for'  message.

no local udev rules here.

running with verbose logging shows the problem:

#activate/fs.c:176       Linking /dev/VolGroup00/test -> /dev/mapper/VolGroup00-test
#misc/selinux.c:25       Setting SELinux context for /dev/VolGroup00/test

selinux contexts are set only for the symlink (/dev/vg/lv), not for the device
node (/dev/mapper/vg-lv)

[root@blast ~]# ls --lcontext /dev/VolGroup00/test /dev/mapper/VolGroup00-test
brw-rw----  1 root:object_r:device_t           root disk 253, 4 May 16 10:19
/dev/mapper/VolGroup00-test
lrwxrwxrwx  1 system_u:object_r:device_t       root root     27 May 16 10:19
/dev/VolGroup00/test -> /dev/mapper/VolGroup00-test

That's from a completely different part of the code.

The code that creates the /dev/mapper node doesn't print anything unless it goes
wrong.  (You should get another debug selinux message though if activation
logging is enabled.)

Alternatively use 'strace' to look for the mknod.

very well, here is an strace, grepped for 'test' (my lv name):

execve("/usr/sbin/lvcreate", ["lvcreate", "-n", "test", "-L", "1G",
"VolGroup00"], [/* 21 vars */]) = 0
stat("/dev/mapper/VolGroup00-test", 0x7fffffcdb700) = -1 ENOENT (No such file or
directory)
mknod("/dev/mapper/VolGroup00-test", S_IFBLK|0660, makedev(253, 4)) = 0
chown("/dev/mapper/VolGroup00-test", 0, 6) = 0
lstat("/dev/VolGroup00/test", 0x7fffffcda6d0) = -1 ENOENT (No such file or
directory)
symlink("/dev/mapper/VolGroup00-test", "/dev/VolGroup00/test") = 0
lsetxattr("/dev/VolGroup00/test", "security.selinux",
"system_u:object_r:device_t", 27, ) = 0
stat("/dev/VolGroup00/test", {st_mode=S_IFBLK|0660, st_rdev=makedev(253, 4),
...}) = 0
stat("/dev/VolGroup00/test", {st_mode=S_IFBLK|0660, st_rdev=makedev(253, 4),
...}) = 0
stat("/dev/VolGroup00/test", {st_mode=S_IFBLK|0660, st_rdev=makedev(253, 4),
...}) = 0
open("/dev/VolGroup00/test", O_RDWR|O_DIRECT|0x40000) = 3
write(1, "  Logical volume \"test\" created\n", 32  Logical volume "test" created

as you can see, lsetxattr is called for the symlink, but not for the node itself.

*** This bug has been marked as a duplicate of 159669 ***