set open_basedir in php.ini to stop leaks

[myplc.git] / plc.d / httpd

diff --git a/plc.d/httpd b/plc.d/httpd
index 0e517ce..3d21644 100755 (executable)
--- a/plc.d/httpd
+++ b/plc.d/httpd
@@ -1,6 +1,4 @@
 #!/bin/bash
-# $Id$
-# $URL$
 #
 # priority: 600
 #
@@ -58,6 +56,10 @@ case "$1" in
        include_path=".:$DocumentRoot/planetlab/includes:$DocumentRoot/plekit/php:$DocumentRoot/generated:/etc/planetlab/php:/usr/share/plc_api/php"
        sed -i -e "s@[;]*include_path = \"\.:.*\"@include_path = \"$include_path\"@" $php_ini
 
+       # Set open_basedir so as to avoid leaks
+       open_basedir="$DocumentRoot:/etc/planetlab/php:/usr/share/plc_api/php:/var/log/myslice:/var/tmp/bootmedium:/tmp"
+       sed -i -e "s@[;]*open_basedir =.*@open_basedir = \"$open_basedir\"@" $php_ini
+       
        # for php-5.3 under fedora12, otherwise issues tons of warning messages
        # Set timezone in php.ini if not already there
        if grep '^;date.timezone' $php_ini >& /dev/null; then
@@ -117,7 +119,6 @@ case "$1" in
            # HTTP configuration
            if [ $skip_http -eq 0 -a -n "${!http_port}" ] ; then
                cat <<EOF
-Listen 127.0.0.1:${!http_port}
 Listen ${!http_port}
 # create wsgi socket where we have the permission
 ### WSGISocketPrefix run/wsgi