We don't have enough permissions to set sysctl-s from userns, while
system calls are ns_capable()-protected in the kernel and thus work
in user-namespaces.
Signed-off-by: Andrew Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>