diff --git a/policy/modules/admin/logrotate.te b/policy/modules/admin/logrotate.te
index c20887c6a..bcac91b48 100644
--- a/policy/modules/admin/logrotate.te
+++ b/policy/modules/admin/logrotate.te
@@ -120,7 +120,6 @@ init_manage_all_units(logrotate_t)
 logging_manage_all_logs(logrotate_t)
 logging_send_syslog_msg(logrotate_t)
 logging_send_audit_msgs(logrotate_t)
-logging_exec_all_logs(logrotate_t)
 miscfiles_read_generic_certs(logrotate_t)
 miscfiles_read_localization(logrotate_t)
diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
index 8a4a05566..411daa938 100644
--- a/policy/modules/system/logging.if
+++ b/policy/modules/system/logging.if
@@ -1098,28 +1098,6 @@ interface(`logging_watch_all_logs',`
 allow $1 logfile:file watch;
 ')
-########################################
-##
-## Execute all log files in the caller domain.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-# cjp: not sure why this is needed. This was added
-# because of logrotate.
-interface(`logging_exec_all_logs',`
- gen_require(`
- attribute logfile;
- ')
-
- files_search_var($1)
- allow $1 logfile:dir list_dir_perms;
- can_exec($1, logfile)
-')
-
 ########################################
 ##
 ## read/write to all log files.