There can be a more sophisticated security policy, but right now
generic non-root user doesn't have any bits in there, so requiring
them to be zero is a sane starting point.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>