From e9cde52a48da19f362366045af4b1c2964d491bc Mon Sep 17 00:00:00 2001
From: Joshua Tauberer <jt@occams.info>
Date: Thu, 12 Jun 2014 21:06:04 -0400
Subject: [PATCH] two more cases of shelling out external programs in a more
 secure way, see cecda9cec5643d7b89829d1663fcedea346eca23

---
 management/dns_update.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/management/dns_update.py b/management/dns_update.py
index 66a2bf6c..8d8c5b54 100755
--- a/management/dns_update.py
+++ b/management/dns_update.py
@@ -5,6 +5,7 @@
 import os, os.path, urllib.parse, time, re
 
 from mailconfig import get_mail_domains
+from utils import shell
 
 def do_dns_update(env):
 	# What domains should we serve DNS for?
@@ -39,13 +40,13 @@ def do_dns_update(env):
 
 	# Kick nsd if anything changed.
 	if len(updated_domains) > 0:
-		os.system("service nsd restart")
+		shell('check_call', ["/usr/sbin/service", "nsd", "restart"])
 
 	# Write the OpenDKIM configuration tables.
 	write_opendkim_tables(zonefiles, env)
 
 	# Kick opendkim.
-	os.system("service opendkim restart")
+	shell('check_call', ["/usr/sbin/service", "opendkim", "restart"])
 
 	if len(updated_domains) == 0:
 		# if nothing was updated (except maybe DKIM), don't show any output