The following configuration works after boot and while LIDS_GLOBAL is on, because it grants portsentry the CAP_NET_BIND_SERVICE capability it needs to bind to ports below 1024. Depending on what you want portsentry to do, you may not need all of the following ACLs; add only the ones that match the features you use.
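# LIDS ACLs for portsentry. Every rule uses the portsentry binary as its
# subject (-s); -o names the object (a path or a capability) and -j the
# access that is granted. -A appends the rule to the ACL list.
# One command per rule: when the listing is collapsed onto a single line,
# each '#' comment swallows every command that follows it.

# Let portsentry write inside its own directory.
# NOTE(review): this directory also contains the subject binary itself, so
# the rule lets the process modify the program that holds the grants below.
# Consider narrowing the object to the files portsentry actually writes;
# verify the paths on your install.
/sbin/lidsconf -A -s /usr/local/psionic/portsentry/portsentry \
               -o /usr/local/psionic/portsentry -j WRITE

# Let portsentry write under /var/log.
# NOTE(review): WRITE covers every file under /var/log, including changing
# or removing existing log data. If portsentry only adds log lines, the
# APPEND target is the tighter choice; confirm before changing.
/sbin/lidsconf -A -s /usr/local/psionic/portsentry/portsentry \
               -o /var/log -j WRITE

# Allow binding to privileged ports; this is the grant that keeps
# portsentry working once LIDS is sealed.
/sbin/lidsconf -A -s /usr/local/psionic/portsentry/portsentry \
               -o CAP_NET_BIND_SERVICE -j GRANT

# For portsentry to be able to update the firewall:
# -i 1 sets the inheritance level to 1, so the grant is passed on to
# processes portsentry starts directly (the firewall command it runs).
# NOTE(review): changing packet-filter rules normally also needs
# CAP_NET_ADMIN; if that capability is disabled globally on this host, the
# firewall command presumably needs it as well; verify.
/sbin/lidsconf -A -s /usr/local/psionic/portsentry/portsentry \
               -o CAP_NET_RAW -i 1 -j GRANT

# For portsentry to be able to update /etc/hosts.allow and/or /etc/hosts.deny:
# These files decide which hosts TCP wrappers admit, so add only the rule
# for the file your portsentry configuration really edits.
/sbin/lidsconf -A -s /usr/local/psionic/portsentry/portsentry \
               -o /etc/hosts.allow -j WRITE
/sbin/lidsconf -A -s /usr/local/psionic/portsentry/portsentry \
               -o /etc/hosts.deny -j WRITE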