scripts: use subprocess.run instead of os.system

The subprocess.run command avoids using the shell and so is robust
should sys.argv contain any whitespace or unexpected shell meta
characters.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

diff --git a/scripts/check-file-access.py b/scripts/check-file-access.py
index 2636eb4f96df74ac41c77518a5ddf46d859cb6a4..71130d4dec23fbeb9054e4ac3188ea7695ea92a2 100755 (executable)
--- a/scripts/check-file-access.py
+++ b/scripts/check-file-access.py
@@ -23,6 +23,7 @@
 
 import os
 import re
+import subprocess
 import sys
 import tempfile
 
@@ -36,11 +37,9 @@ permitted_file = os.path.join(abs_srcdir, 'permitted_file_access.txt')
 
 os.environ['VIR_TEST_FILE_ACCESS_OUTPUT'] = access_file
 
-test = ' '.join(sys.argv[1:])
+proc = subprocess.run(sys.argv[1:])
 
-ret = os.system(test)
-
-if ret != 0 or os.read(access_fd, 10) == b'':
+if proc.returncode != 0 or os.read(access_fd, 10) == b'':
     os.close(access_fd)
     os.remove(access_file)
     sys.exit(ret)