diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 9bf9d0d81..e0249aa83 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -408,8 +408,6 @@ allow syslogd_t self:unix_dgram_socket create_socket_perms;
 allow syslogd_t self:unix_stream_socket create_stream_socket_perms;
 allow syslogd_t self:unix_dgram_socket sendto;
 allow syslogd_t self:fifo_file rw_fifo_file_perms;
-allow syslogd_t self:udp_socket create_socket_perms;
-allow syslogd_t self:tcp_socket create_stream_socket_perms;
 
 allow syslogd_t syslog_conf_t:file read_file_perms;
 allow syslogd_t syslog_conf_t:dir list_dir_perms;
@@ -583,6 +581,8 @@ ifdef(`distro_ubuntu',`
 
 tunable_policy(`logging_syslog_can_network',`
 	allow syslogd_t self:capability { net_admin };
+	allow syslogd_t self:tcp_socket create_stream_socket_perms;
+	allow syslogd_t self:udp_socket create_socket_perms;
 
 	corenet_all_recvfrom_netlabel(syslogd_t)
 	corenet_udp_sendrecv_generic_if(syslogd_t)