From Debian package 0.2.20100524-5

  * Allow sshd getcap and setcap access

Index: policy/modules/services/ssh.te
===================================================================
--- policy/modules/services/ssh.te.orig
+++ policy/modules/services/ssh.te
@@ -243,6 +243,8 @@
 manage_sock_files_pattern(sshd_t, sshd_tmp_t, sshd_tmp_t)
 files_tmp_filetrans(sshd_t, sshd_tmp_t, { dir file sock_file })
 
+allow sshd_t self:process { getcap setcap };
+
 kernel_search_key(sshd_t)
 kernel_link_key(sshd_t)