diff --git a/policy/modules/apps/vlock.te b/policy/modules/apps/vlock.te
index 18c30bcde..79a82ee14 100644
--- a/policy/modules/apps/vlock.te
+++ b/policy/modules/apps/vlock.te
@@ -14,6 +14,8 @@ application_domain(vlock_t, vlock_exec_t)
 # Local policy
 #
+# --enable-pam is recommended when configuring vlock, making it
+# unnecessary to be a setuid program.
 dontaudit vlock_t self:capability { setuid setgid };
 allow vlock_t self:fd use;
 allow vlock_t self:fifo_file rw_fifo_file_perms;
@@ -39,9 +41,6 @@ mls_file_write_all_levels(vlock_t)
 selinux_dontaudit_getattr_fs(vlock_t)
-term_use_all_ttys(vlock_t)
-term_use_all_ptys(vlock_t)
-
 auth_domtrans_chk_passwd(vlock_t)
 init_dontaudit_rw_utmp(vlock_t)
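Review bot: The comment added above `dontaudit vlock_t self:capability { setuid setgid };` in the first hunk gives the build recommendation but does not say what the rule beneath it does with those capabilities. As written, a reader could take it to mean setuid/setgid are permitted, when the rule in fact leaves them denied and only suppresses the AVC record. I would spell that out, for example `# vlock built with --enable-pam does not need to be setuid, so the setuid/setgid` followed by `# capabilities stay denied and the denials are deliberately not audited.` It may also be worth noting that a vlock built without PAM would presumably fail here with nothing in the audit log until dontaudit rules are disabled (e.g. `semodule -DB`). The local policy section continues outside this hunk, so other rules may bear on this.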