Enable cgroup_seclabel and nnp_nosuid_transition.

policy/policy_capabilities

@@ -89,12 +89,12 @@ policycap extended_socket_class;
 #
 # Added checks:
 # (none)
-#policycap cgroup_seclabel;
+policycap cgroup_seclabel;
 
 # Enable NoNewPrivileges support.  Requires libsepol 2.7+
-# and kernel 4.14 (estimated).
+# and kernel 4.14.
 #
 # Checks enabled;
 # process2: nnp_transition, nosuid_transition
 #
-#policycap nnp_nosuid_transition;
+policycap nnp_nosuid_transition;