I don't understanding why this's required.
As per my understanding, the SID values can be generated by the kernel
given the security context and is internal to the kernel and independent
of the policy, so I don't understand why do we define SID manually.
Second, I'm not sure why these initial processes require an SID in the
1st place – my guess is cause the security context of the parent
processes (like init) are used to compute the security context of it's
children; so with a missing security context of the parent process, it's
impossible to compute the security context of it's children. So a valid
security context has to be predefined.
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
