EXEC DOMAIN
===========
Concept:
	An exec domain is the set of directories that a process can be running in.
	Anything outside this domain is unreachable to the process.

Example,
	httpd's exec domain is
		* READ /etc/httpd	-> read the config files.
		* WRITE /home/httpd/	-> the working dir.
		* WRITE /var/log/httpd/	-> the httpd log.
		* READ /usr/lib		-> read the shared libraries.
		* READ /lib/		-> read the shared libraries.
		* READ /etc/ld.so.cache	-> read the shared libraries.

So httpd runs inside this domain, and after it starts it cannot read or write any files or directories other than these.

Benefit,
	Any exploit of httpd and its children cannot get out of this domain, so the intruder can only touch the domain and not other directories.
	
Usage,

The new lidsadm shipped with lids-0.9.11 adds the "-d" option to support the domain setting, for example,

	lidsadm -A -s /usr/sbin/httpd -d -o /etc/httpd -j READ
	lidsadm -A -s /usr/sbin/httpd -d -o /home/httpd/ -j WRITE
	lidsadm -A -s /usr/sbin/httpd -d -o /var/log/httpd/ -j WRITE
	lidsadm -A -s /usr/sbin/httpd -d -o /usr/lib -j READ
	lidsadm -A -s /usr/sbin/httpd -d -o /lib -j READ
	lidsadm -A -s /usr/sbin/httpd -d -o /etc/ld.so.cache -j READ	
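
The following is an added example, not code from LIDS: a small user-space model of the httpd domain above that renders the lidsadm lines from a table and shows which accesses the domain would allow or deny. The function names, the assumption that WRITE also permits READ, and the path-string matching are assumptions of this model.

```python
import posixpath

# The httpd exec domain from this page, as (object, access) pairs.
HTTPD_DOMAIN = [
    ("/etc/httpd", "READ"),
    ("/home/httpd/", "WRITE"),
    ("/var/log/httpd/", "WRITE"),
    ("/usr/lib", "READ"),
    ("/lib", "READ"),
    ("/etc/ld.so.cache", "READ"),
]

# Assumption of this model: WRITE access also permits READ.
GRANTS = {"READ": {"READ"}, "WRITE": {"READ", "WRITE"}}


def lidsadm_rules(subject, domain):
    """Render the domain as lidsadm command lines in the form shown on this page."""
    return ["lidsadm -A -s %s -d -o %s -j %s" % (subject, obj, access)
            for obj, access in domain]


def _covers(obj, path):
    """True if path is obj itself or lies beneath it, compared per path component."""
    obj = posixpath.normpath(obj)
    # Appending "/" stops /etc/httpd from also covering /etc/httpd-old.
    return path == obj or path.startswith(obj.rstrip("/") + "/")


def allowed(domain, path, want):
    """Default deny: allow only if some domain entry covers path and grants want."""
    if not path.startswith("/"):
        raise ValueError("absolute path required")
    # Collapse "." and ".." so a traversal string is judged by where it lands.
    # Symlinks are not resolved here; this is a string model only.
    path = posixpath.normpath(path)
    return any(_covers(obj, path) and want in GRANTS[access]
               for obj, access in domain)


if __name__ == "__main__":
    print("\n".join(lidsadm_rules("/usr/sbin/httpd", HTTPD_DOMAIN)))
    # Constructed sample accesses, checked against the domain.
    for p, mode in [("/etc/httpd/conf/httpd.conf", "READ"),
                    ("/etc/httpd/conf/httpd.conf", "WRITE"),
                    ("/home/httpd/../../etc/shadow", "READ"),
                    ("/etc/httpd-old/passwd", "READ")]:
        print(mode, p, "->", "allow" if allowed(HTTPD_DOMAIN, p, mode) else "deny")
```
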

