Add neverallow for mac_override capability. It is not used by SELinux.

policy/modules/kernel/domain.te

@@ -1,4 +1,4 @@
-policy_module(domain, 1.13.0)
+policy_module(domain, 1.13.1)
 
 ########################################
 #
@@ -35,6 +35,9 @@ attribute set_curr_context;
 # dynamic transition, you should not be using it!!!
 neverallow { domain -set_curr_context } self:process setcurrent;
 
+# No domain needs mac_override as it is unused by SELinux.
+neverallow domain self:capability2 mac_override;
+
 # entrypoint executables
 attribute entry_type;