The following configuration will work after boot and while LIDS_GLOBAL is on, because it grants portsentry the CAP_NET_BIND_SERVICE capability. You may not need all of the following ACLs: add only the ones for the portsentry features you actually use, so that the daemon holds no more write access or capabilities than it needs.
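# LIDS ACLs for the portsentry daemon.
# Each rule has the form: lidsconf -A -s <subject binary> -o <object> -j <target>.
# Every rule names the portsentry binary as its subject, so the access and
# capabilities below belong to whatever sits at that path.
# NOTE(review): confirm the binary itself is covered by a READONLY rule so it
# cannot be replaced while these grants are in place.

# Let portsentry write inside its own installation directory.
/sbin/lidsconf -A -s /usr/local/psionic/portsentry/portsentry \
  -o /usr/local/psionic/portsentry -j WRITE

# Let portsentry write under /var/log.
# NOTE(review): this covers the whole log directory, so a compromised
# portsentry could alter any log in it. If portsentry only needs its own
# log file, name that file as the object instead.
/sbin/lidsconf -A -s /usr/local/psionic/portsentry/portsentry \
  -o /var/log -j WRITE

# CAP_NET_BIND_SERVICE allows binding to privileged ports (below 1024).
/sbin/lidsconf -A -s /usr/local/psionic/portsentry/portsentry \
  -o CAP_NET_BIND_SERVICE -j GRANT

# For portsentry to be able to update the firewall:
# -i 1 sets the inheritance level, so the capability also reaches processes
# that portsentry starts directly. Omit this rule if portsentry does not
# manage firewall rules on this host.
/sbin/lidsconf -A -s /usr/local/psionic/portsentry/portsentry \
  -o CAP_NET_RAW -i 1 -j GRANT

# For portsentry to be able to update /etc/hosts.allow and/or /etc/hosts.deny:
# Add only the rule for the file portsentry actually edits. Write access to
# either file changes which hosts can reach wrapped services.
/sbin/lidsconf -A -s /usr/local/psionic/portsentry/portsentry \
  -o /etc/hosts.allow -j WRITE
/sbin/lidsconf -A -s /usr/local/psionic/portsentry/portsentry \
  -o /etc/hosts.deny -j WRITE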