6772568 SELINUX: Call setuid(0)/setgid(0) to also set the real IDs to root

Authored and Committed by jhrozek 5 years ago
    SELINUX: Call setuid(0)/setgid(0) to also set the real IDs to root
    
    https://fedorahosted.org/sssd/ticket/2564
    
    libselinux uses many access(2) calls and access() uses the real UID,
    not the effective UID for the check. Therefore, the setuid selinux_child,
    which only has effective UID of root would fail the check.
    
    Reviewed-by: Michal Židek <mzidek@redhat.com>
    (cherry picked from commit 486f0d5227a9b81815aaaf7d9a2c39aafcbfdf6a)