[Bug 2127766] Re: snap run --strace doesn't work with sudo-rs [sudo -E not supported]

Maciej Borzecki 2127766 at bugs.launchpad.net
Tue Dec 9 11:01:36 UTC 2025 

On questing:

ubuntu at u1:~$ snap run --strace hello
warning: preserving the entire environment is not supported, `-E` is ignored
error: exit status 1
ubuntu at u1:~$ sudo apt policy snapd
snapd:
  Installed: 2.72+ubuntu25.10.2
  Candidate: 2.72+ubuntu25.10.2
  Version table:
     2.73+ubuntu25.10 100
        100 http://archive.ubuntu.com/ubuntu questing-proposed/main amd64 Packages
 *** 2.72+ubuntu25.10.2 500
        500 http://archive.ubuntu.com/ubuntu questing-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2.71.1+ubuntu25.10.1 500
        500 http://archive.ubuntu.com/ubuntu questing/main amd64 Packages
ubuntu at u1:~$ sudo apt install snapd=2.73+ubuntu25.10
Upgrading:
  snapd

Summary:
  Upgrading: 1, Installing: 0, Removing: 0, Not Upgrading: 16
  Download size: 39.1 MB
  Space needed: 516 kB / 6859 MB available

Get:1 http://archive.ubuntu.com/ubuntu questing-proposed/main amd64 snapd amd64 2.73+ubuntu25.10 [39.1 MB]
Fetched 39.1 MB in 1s (29.6 MB/s)
(Reading database ... 86402 files and directories currently installed.)
Preparing to unpack .../snapd_2.73+ubuntu25.10_amd64.deb ...
Unpacking snapd (2.73+ubuntu25.10) over (2.72+ubuntu25.10.2) ...
Setting up snapd (2.73+ubuntu25.10) ...
Installing new version of config file /etc/apparmor.d/usr.lib.snapd.snap-confine.real ...
Installing new version of config file /etc/profile.d/apps-bin-path.sh ...
snapd.failure.service is a disabled or a static unit not running, not starting it.
snapd.gpio-chardev-setup.target is a disabled or a static unit not running, not starting it.
snapd.snap-repair.service is a disabled or a static unit not running, not starting it.
Processing triggers for dbus (1.16.2-2ubuntu2) ...
Processing triggers for man-db (2.13.1-1) ...
Scanning processes...
Scanning linux images...

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.
ubuntu at u1:~$ snap version
snap          2.73+ubuntu25.10
snapd         2.73+ubuntu25.10
series        16
ubuntu        25.10
kernel        6.17.0-7-generic
architecture  amd64
ubuntu at u1:~$ snap run --strace hello
/usr/bin/strace: Process 2804 attached
--- stopped by SIGSTOP ---
--- SIGCONT {si_signo=SIGCONT, si_code=SI_USER, si_pid=2795, si_uid=1000} ---
[pid  2818] execve("/snap/hello/42/snap/command-chain/snapcraft-runner", ["/snap/hello/42/snap/command-chai"..., "/snap/hello/42/bin/hello"], 0xc000158780 /* 37 vars */ <unfinished ...>
[pid  2817] +++ exited with 0 +++
[pid  2804] <... futex resumed>)        = ?
+++ superseded by execve in pid 2818 +++
<... execve resumed>)                   = 0
brk(NULL)                               = 0x5dc0cf6c0000
arch_prctl(0x3001 /* ARCH_??? */, 0x7ffeaf21ca80) = -1 EINVAL (Invalid argument)
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
...
write(1, "Hello, world!\n", 14Hello, world!
)         = 14
close(1)                                = 0
close(2)                                = 0
exit_group(0)                           = ?
+++ exited with 0 +++

Can confirm snap run --strace is now fixed.

** Tags removed: verification-needed-questing
** Tags added: verification-done-questing

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rust-sudo-rs in Ubuntu.
https://bugs.launchpad.net/bugs/2127766

Title:
  snap run --strace doesn't work with sudo-rs [sudo -E not supported]

Status in snapd:
  Fix Committed
Status in rust-sudo-rs package in Ubuntu:
  Won't Fix
Status in snapd package in Ubuntu:
  New
Status in snapd source package in Jammy:
  Fix Committed
Status in snapd source package in Noble:
  Fix Committed
Status in snapd source package in Plucky:
  Fix Committed
Status in snapd source package in Questing:
  Fix Committed

Bug description:
  [SRU] 2.73:
  https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/2132084

  [ Impact ]

  Only impacts Ubuntu 25.10+
  With sudo-rs, -E` is ignored, which breaks snapd run --strace.

  [ Test Plan ]

  1. Reproduce with snapd deb < 2.73

  - Ensure sudo-rs installed
  - Run: snap run --strace <snap>.<app>
  - Expect: warning: preserving the entire environment is not supported, `-E` is ignored

  2. Prove fixed with snapd deb 2.73

  - Ensure sudo-rs installed
  - Run: snap run --strace <snap>.<app>
  - Expect: No warning

  ---original---

  sudo-rs became the default sudo in 25.10, which broke this snap run
  --strace,

  $ snap run --strace <snap>.<app>
  warning: preserving the entire environment is not supported, `-E` is ignored
  [sudo: authenticate] Password:
  error: exit status 1

  It does work if I switch back to GNU Coreutils' sudo. The reason being
  many required environment variables are no longer passed through, and
  the strace fails due to SNAP_INSTANCE_NAME not being set, before we
  get to execve'ing the snap application itself.

  I commented on this use case in the sudo-rs issue tracker:
  https://github.com/trifectatechfoundation/sudo-rs/issues/1299

  Maybe snapd needs to have a whitelist of environment variables?

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/2127766/+subscriptions

More information about the foundations-bugs mailing list