diff --git a/telnet.fc b/telnet.fc
index e8ca056..3d7d07a 100644
--- a/telnet.fc
+++ b/telnet.fc
@@ -1,4 +1,3 @@
-
 /usr/sbin/in\.telnetd -- gen_context(system_u:object_r:telnetd_exec_t,s0)
 /usr/kerberos/sbin/telnetd -- gen_context(system_u:object_r:telnetd_exec_t,s0)
 
diff --git a/telnet.te b/telnet.te
index e68dff5..9f89916 100644
--- a/telnet.te
+++ b/telnet.te
@@ -1,4 +1,4 @@
-policy_module(telnet, 1.10.1)
+policy_module(telnet, 1.10.2)
 
 ########################################
 #
@@ -8,9 +8,8 @@ policy_module(telnet, 1.10.1)
 type telnetd_t;
 type telnetd_exec_t;
 inetd_service_domain(telnetd_t, telnetd_exec_t)
-role system_r types telnetd_t;
 
-type telnetd_devpts_t; #, userpty_type;
+type telnetd_devpts_t;
 term_login_pty(telnetd_devpts_t)
 
 type telnetd_tmp_t;
@@ -24,16 +23,11 @@ files_pid_file(telnetd_var_run_t)
 # Local policy
 #
 
-allow telnetd_t self:capability { fsetid chown fowner sys_tty_config dac_override };
+allow telnetd_t self:capability { fsetid chown fowner setuid setgid sys_tty_config dac_override };
 allow telnetd_t self:process signal_perms;
 allow telnetd_t self:fifo_file rw_fifo_file_perms;
-allow telnetd_t self:tcp_socket connected_stream_socket_perms;
-allow telnetd_t self:udp_socket create_socket_perms;
-# for identd; cjp: this should probably only be inetd_child rules?
-allow telnetd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
-allow telnetd_t self:capability { setuid setgid };
-allow telnetd_t telnetd_devpts_t:chr_file { rw_chr_file_perms setattr };
+allow telnetd_t telnetd_devpts_t:chr_file { rw_chr_file_perms setattr_chr_file_perms };
 
 term_create_pty(telnetd_t, telnetd_devpts_t)
 
 manage_dirs_pattern(telnetd_t, telnetd_tmp_t, telnetd_tmp_t)
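Review bot: The consolidated rules in the "Local policy" hunk drop `allow telnetd_t self:tcp_socket connected_stream_socket_perms;` while the corenet_tcp_sendrecv_* rules in the following hunk stay, so every byte of session I/O on the inherited inetd socket now depends on whatever `inetd_service_domain(telnetd_t, telnetd_exec_t)` (declared in the -8,9 hunk) grants. If that interface does not already cover read/write on the inherited socket, the regression will not show at policy build time but as self:tcp_socket denials on every login, so it is worth checking the interface body before merging. The merged capability line also keeps `dac_override` beside the newly folded-in `setuid setgid`, a broad combination for a network-facing daemon, and none of the three is explained; a comment such as `# setuid/setgid and dac_override: pty/utmp setup before the login handoff -- confirm each is still hit` on the line above would make later pruning possible.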
@@ -56,23 +50,21 @@ corenet_udp_sendrecv_generic_node(telnetd_t)
 corenet_tcp_sendrecv_all_ports(telnetd_t)
 corenet_udp_sendrecv_all_ports(telnetd_t)
 
+corecmd_search_bin(telnetd_t)
+
 dev_read_urand(telnetd_t)
 
 domain_interactive_fd(telnetd_t)
 
+files_read_usr_files(telnetd_t)
+files_read_etc_runtime_files(telnetd_t)
+files_search_home(telnetd_t)
+
 fs_getattr_xattr_fs(telnetd_t)
 
 auth_rw_login_records(telnetd_t)
 auth_use_nsswitch(telnetd_t)
 
-corecmd_search_bin(telnetd_t)
-
-files_read_usr_files(telnetd_t)
-files_read_etc_files(telnetd_t)
-files_read_etc_runtime_files(telnetd_t)
-# for identd; cjp: this should probably only be inetd_child rules?
-files_search_home(telnetd_t)
-
 init_rw_utmp(telnetd_t)
 
 logging_send_syslog_msg(telnetd_t)
@@ -81,8 +73,6 @@ miscfiles_read_localization(telnetd_t)
 
 seutil_read_config(telnetd_t)
 
-remotelogin_domtrans(telnetd_t)
-
 userdom_search_user_home_dirs(telnetd_t)
 userdom_setattr_user_ptys(telnetd_t)
 
@@ -96,5 +86,10 @@ tunable_policy(`use_samba_home_dirs',`
 
 optional_policy(`
 kerberos_keytab_template(telnetd, telnetd_t)
+ kerberos_tmp_filetrans_host_rcache(telnetd_t, file, "host_0")
 kerberos_manage_host_rcache(telnetd_t)
 ')
+
+optional_policy(`
+ remotelogin_domtrans(telnetd_t)
+')
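Review bot: `files_read_etc_files(telnetd_t)` is removed in the -56,23 hunk but nothing on the new side re-adds it, so this hunk is not the pure reordering the rest of it looks like: telnetd loses direct read access to etc_t files. If the intent is that `auth_use_nsswitch(telnetd_t)` already provides those reads, a comment on that line, `# generic /etc reads come via auth_use_nsswitch`, would stop the next reviewer from re-adding the rule; if it does not, the loss will appear as etc_t read denials at runtime rather than at build time. The deleted `# for identd` comment also went away while `files_search_home(telnetd_t)` was kept, so the reason a network daemon searches home directories is now undocumented; carrying the old comment over to the new line would preserve it.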
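Review bot: `kerberos_tmp_filetrans_host_rcache(telnetd_t, file, "host_0")` in the last hunk pins the name transition to one literal filename, so only a replay cache created exactly as host_0 receives the host rcache type and any other name telnetd creates in tmp falls back to telnetd_tmp_t and misses `kerberos_manage_host_rcache(telnetd_t)` on the next line. The literal appears to follow the libkrb5 <principal>_<euid> naming, which holds only while the cache is opened as euid 0; that assumption should be stated next to the call, e.g. `# krb5 names the host replay cache host_<euid>; telnetd opens it as root -- confirm`. The remotelogin_domtrans move into its own optional_policy block looks correct; the only caveat is that it is now the sole transition out of telnetd_t visible here, so the module silently loses the login handoff when the remotelogin module is absent.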