dontaudit net_admin for SO_SNDBUFFORCE

The following patch adds dontaudit rules for where the net_admin capability
is requested due to SO_SNDBUFFORCE.  This forces the caller to use SO_SNDBUF
which gives the same result but possibly a smaller buffer.

From Russell Coker

policy/modules/contrib

@@ -1 +1 @@
-Subproject commit 2bd846e32b0634be6414299a106dffb5edb1b4a0
+Subproject commit 2c507992a931d3afa2b19d9dd8ce5d91368a46f6

policy/modules/services/ssh.if

@@ -182,6 +182,8 @@ template(`ssh_server_template', `
 	files_pid_file($1_var_run_t)
 
 	allow $1_t self:capability { chown dac_override fowner fsetid kill setgid setuid sys_chroot sys_nice sys_resource sys_tty_config };
+	# net_admin is for SO_SNDBUFFORCE
+	dontaudit $1_t self:capability net_admin;
 	allow $1_t self:fifo_file rw_fifo_file_perms;
 	allow $1_t self:process { signal getsched setsched setrlimit setexec setkeycreate };
 	allow $1_t self:tcp_socket create_stream_socket_perms;

policy/modules/services/ssh.te

@@ -1,4 +1,4 @@
-policy_module(ssh, 2.9.1)
+policy_module(ssh, 2.9.2)
 
 ########################################
 #