imans: Check CAP_SYS_ADMIN in userns associated with IMA NS during configuration.

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4JC4P


CVE: NA

-----------------------------------------------------------------

Writing to securityfs (x509_for_children) fails with permission issues
during IMANS configuration. It is because IMANS is checking for
CAP_SYS_ADMIN capability in the initial user namespace and not in the
newly created user namespace where the new process is actually part off.

Signed-off-by: Ajo Jose Panoor <ajo.jose.panoor@huawei.com>
Reviewed-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>