/proc/sys/kernel/sem* and /proc/sys/kernel/msg* are ipc sysctls
which are properly namespaced.  Allow writes to them from
containers.
Reported-by: Dan Kegel <dank@kegel.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>