In a traditional Linux approach all processes executed during the boot phase are owned by root (a user with uid 0).
This behavior is hardcoded in Linux kernel when the init binary is executed (definition of INIT_TASK, linux/sched.h). With the introduction of the mandatory security policy definition (Chapter 4) the notion of the root (uid 0) user, as all powerful, was lost and it became equal to any other user in a system. This creates a complication on boot time if the privileges of the root, as defined in LinSec security policy for the system, are too restrictive.
To overcome the problem of association of boot processes with root user (uid 0), LinSec hardcodes (setup_init_task, kernel/linsec_setup.c) a special instance of linsec_usr structure (Section 5.5) to which a reference is placed in struct task_struct (via struct user_struct) describing init task. Values in the linsec_usr structure are chosen so that after the Capability Inheritance Algorithm (Subsection 5.8.4) is executed only privilege settings associated with the executable file a particular process is running are reflected in the actual process' capability settings. This special linsec_usr settings are inherited by all children of init until the first call to setuid (Section 5.5) for each of them.
In this way, all programs executed during the boot phase of a system are effectively disassociated from users, as desired.