From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250])
 by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id s6G6FVun008907
 for <selinux@tycho.nsa.gov>; Wed, 16 Jul 2014 02:15:31 -0400
Received: by mail-pa0-f41.google.com with SMTP id rd3so172798pab.28
 for <selinux@tycho.nsa.gov>; Tue, 15 Jul 2014 23:15:34 -0700 (PDT)
Received: from [192.168.1.2] ([117.208.64.98])
 by mx.google.com with ESMTPSA id pu5sm15857094pbb.4.2014.07.15.23.15.32
 for <selinux@tycho.nsa.gov>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Tue, 15 Jul 2014 23:15:33 -0700 (PDT)
Message-ID: <53C61881.1020304@gmail.com>
Date: Wed, 16 Jul 2014 11:45:29 +0530
From: dE <de.techno@gmail.com>
MIME-Version: 1.0
To: selinux@tycho.nsa.gov
Subject: Initial SIDs.
Content-Type: text/plain; charset=windows-1252; format=flowed
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
 <selinux.tycho.nsa.gov>
List-Post: <mailto:selinux@tycho.nsa.gov>
List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help>

I don't understanding why this's required.

As per my understanding, the SID values can be generated by the kernel 
given the security context and is internal to the kernel and independent 
of the policy, so I don't understand why do we define SID manually.

Second, I'm not sure why these initial processes require an SID in the 
1st place – my guess is cause the security context of the parent 
processes (like init) are used to compute the security context of it's 
children; so with a missing security context of the parent process, it's 
impossible to compute the security context of it's children. So a valid 
security context has to be predefined.