diff --git a/public/racoon.te b/public/racoon.te
index 476981e43fa25cd88186341db7f28c261ad19bdf..d5d5a4ef1521acfbbe9062cb418a0b398b9e4eac 100644
--- a/public/racoon.te
+++ b/public/racoon.te
@@ -15,7 +15,7 @@ allow racoon kernel:system module_request;
 
 allow racoon self:key_socket create_socket_perms_no_ioctl;
 allow racoon self:tun_socket create_socket_perms_no_ioctl;
-allow racoon self:capability { net_admin net_bind_service net_raw setuid };
+allow racoon self:capability { net_admin net_bind_service net_raw };
 
 # XXX: should we give ip-up-vpn its own label (currently racoon domain)
 allow racoon system_file:file rx_file_perms;