diff --git a/policy/modules/services/rlogin.te b/policy/modules/services/rlogin.te
index 29a5d0d..2744af2 100644
--- a/policy/modules/services/rlogin.te
+++ b/policy/modules/services/rlogin.te
@@ -27,13 +27,12 @@ files_pid_file(rlogind_var_run_t)
 # Local policy
 #
 
-allow rlogind_t self:capability { fsetid chown fowner sys_tty_config dac_override };
+allow rlogind_t self:capability { fsetid chown fowner setuid setgid sys_tty_config dac_override };
 allow rlogind_t self:process signal_perms;
 allow rlogind_t self:fifo_file rw_fifo_file_perms;
 allow rlogind_t self:tcp_socket connected_stream_socket_perms;
 # for identd; cjp: this should probably only be inetd_child rules?
 allow rlogind_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
-allow rlogind_t self:capability { setuid setgid };
 
 allow rlogind_t rlogind_devpts_t:chr_file { rw_chr_file_perms setattr };
 term_create_pty(rlogind_t, rlogind_devpts_t)
diff --git a/policy/modules/services/telnet.te b/policy/modules/services/telnet.te
index 26c5931..fcdde4c 100644
--- a/policy/modules/services/telnet.te
+++ b/policy/modules/services/telnet.te
@@ -23,14 +23,13 @@ files_pid_file(telnetd_var_run_t)
 # Local policy
 #
 
-allow telnetd_t self:capability { fsetid chown fowner sys_tty_config dac_override };
+allow telnetd_t self:capability { fsetid chown fowner setuid setgid sys_tty_config dac_override };
 allow telnetd_t self:process signal_perms;
 allow telnetd_t self:fifo_file rw_fifo_file_perms;
 allow telnetd_t self:tcp_socket connected_stream_socket_perms;
 allow telnetd_t self:udp_socket create_socket_perms;
 # for identd; cjp: this should probably only be inetd_child rules?
 allow telnetd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
-allow telnetd_t self:capability { setuid setgid };
 
 allow telnetd_t telnetd_devpts_t:chr_file { rw_chr_file_perms setattr };
 term_create_pty(telnetd_t, telnetd_devpts_t)
diff --git a/policy/modules/services/tftp.te b/policy/modules/services/tftp.te
index b928f29..f4080d1 100644
--- a/policy/modules/services/tftp.te
+++ b/policy/modules/services/tftp.te
@@ -32,11 +32,11 @@ files_type(tftpdir_rw_t)
 #
 
 allow tftpd_t self:capability { setgid setuid sys_chroot };
+dontaudit tftpd_t self:capability sys_tty_config;
 allow tftpd_t self:tcp_socket create_stream_socket_perms;
 allow tftpd_t self:udp_socket create_socket_perms;
 allow tftpd_t self:unix_dgram_socket create_socket_perms;
 allow tftpd_t self:unix_stream_socket create_stream_socket_perms;
-dontaudit tftpd_t self:capability sys_tty_config;
 
 allow tftpd_t tftpdir_t:dir list_dir_perms;
 allow tftpd_t tftpdir_t:file read_file_perms;
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index b9dac48..8650b17 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -399,8 +399,7 @@ optional_policy(`
 #
 
 allow xdm_t self:capability { setgid setuid sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service sys_ptrace };
-allow xdm_t self:process { setexec setpgid getsched setsched setrlimit signal_perms setkeycreate ptrace };
-allow xdm_t self:process { getattr getcap setcap };
+allow xdm_t self:process { setexec setpgid getattr getcap setcap getsched setsched setrlimit signal_perms setkeycreate ptrace };
 allow xdm_t self:fifo_file rw_fifo_file_perms;
 allow xdm_t self:shm create_shm_perms;
 allow xdm_t self:sem create_sem_perms;