There is a libcap-ng package fix that broke it, I believe it is being
reverted for now, and we are working to figure out a proper fix to make
SELinux Sandbox and libcap-ng play well together.
I just saw that it has NOT been reverted and it was even pushed to stable!
Now that it is in stable already I guess my comment here is not useful
anymore:
https://admin.fedoraproject.org/updates/FEDORA-2014-5589/libcap-ng-0.7.4-...
Should I file a bug against the selinux or the libcap-ng part?
As a workaround I downgraded and added the following line to my yum.conf:
exclude=libcap-ng*
I find it quite sad that no one seems to care about the broken sandbox
functionality at all.