feat: preserve original user environment when running under sudo

When jail is executed with sudo, the subprocess now receives the original
user's environment variables (USER, HOME, PATH, XDG directories) instead of
root's environment. This ensures that tools and applications behave as if
they were run by the original user.

Changes:
- Add environment package with sudo detection and user environment restoration
- Update Linux jail implementation to restore user environment
- Update macOS jail implementation to restore user environment
- Preserve important variables: USER, LOGNAME, HOME, PATH, XDG_* directories
- Maintain backward compatibility for non-sudo execution

Co-authored-by: f0ssel <[email protected]>

Author: blink-so[bot]

environment/sudo.go

@@ -0,0 +1,148 @@
+package environment
+
+import (
+	"fmt"
+	"log/slog"
+	"os"
+	"os/user"
+	"path/filepath"
+	"strconv"
+	"strings"
+)
+
+// RestoreOriginalUserEnvironment detects if running under sudo and restores
+// the original user's environment variables that are important for subprocess execution.
+func RestoreOriginalUserEnvironment(logger *slog.Logger) map[string]string {
+	restoredEnv := make(map[string]string)
+
+	// Check if running under sudo by looking for SUDO_USER
+	sudoUser := os.Getenv("SUDO_USER")
+	if sudoUser == "" {
+		logger.Debug("Not running under sudo, no environment restoration needed")
+		return restoredEnv
+	}
+
+	logger.Debug("Detected sudo execution, restoring original user environment", "sudo_user", sudoUser)
+
+	// Get original user information
+	originalUser, err := user.Lookup(sudoUser)
+	if err != nil {
+		logger.Warn("Failed to lookup original user, skipping environment restoration", "sudo_user", sudoUser, "error", err)
+		return restoredEnv
+	}
+
+	// Restore basic user identity variables
+	restoredEnv["USER"] = sudoUser
+	restoredEnv["LOGNAME"] = sudoUser
+	restoredEnv["HOME"] = originalUser.HomeDir
+
+	// Restore original user's UID and GID if available
+	if sudoUID := os.Getenv("SUDO_UID"); sudoUID != "" {
+		restoredEnv["UID"] = sudoUID
+	}
+	if sudoGID := os.Getenv("SUDO_GID"); sudoGID != "" {
+		restoredEnv["GID"] = sudoGID
+	}
+
+	// Try to restore a reasonable PATH for the original user
+	// This is a best-effort attempt since the original PATH might be complex
+	restoredPath := restoreUserPath(originalUser, logger)
+	if restoredPath != "" {
+		restoredEnv["PATH"] = restoredPath
+	}
+
+	// Restore XDG directories for the original user
+	restoreXDGEnvironment(originalUser, restoredEnv)
+
+	// Log what we're restoring
+	logger.Debug("Restored environment variables for original user", 
+		"user", sudoUser, 
+		"home", originalUser.HomeDir,
+		"restored_vars", len(restoredEnv))
+
+	return restoredEnv
+}
+
+// restoreUserPath attempts to construct a reasonable PATH for the original user
+func restoreUserPath(originalUser *user.User, logger *slog.Logger) string {
+	// Start with common system paths
+	systemPaths := []string{
+		"/usr/local/bin",
+		"/usr/bin",
+		"/bin",
+	}
+
+	// Add user-specific paths
+	userPaths := []string{
+		filepath.Join(originalUser.HomeDir, ".local", "bin"),
+		filepath.Join(originalUser.HomeDir, "bin"),
+	}
+
+	// Check if user paths exist and add them
+	var validPaths []string
+	for _, path := range userPaths {
+		if _, err := os.Stat(path); err == nil {
+			validPaths = append(validPaths, path)
+		}
+	}
+
+	// Combine user paths + system paths
+	allPaths := append(validPaths, systemPaths...)
+
+	// Also try to preserve some paths from current PATH that might be user-specific
+	currentPath := os.Getenv("PATH")
+	if currentPath != "" {
+		for _, path := range strings.Split(currentPath, ":") {
+			// Include paths that contain the user's home directory
+			if strings.Contains(path, originalUser.HomeDir) {
+				if _, err := os.Stat(path); err == nil {
+					allPaths = append([]string{path}, allPaths...)
+				}
+			}
+		}
+	}
+
+	restoredPath := strings.Join(allPaths, ":")
+	logger.Debug("Restored PATH for user", "user", originalUser.Username, "path", restoredPath)
+	return restoredPath
+}
+
+// restoreXDGEnvironment restores XDG Base Directory variables for the original user
+func restoreXDGEnvironment(originalUser *user.User, restoredEnv map[string]string) {
+	homeDir := originalUser.HomeDir
+
+	// Set XDG directories according to the specification
+	// https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html
+	restoredEnv["XDG_DATA_HOME"] = filepath.Join(homeDir, ".local", "share")
+	restoredEnv["XDG_CONFIG_HOME"] = filepath.Join(homeDir, ".config")
+	restoredEnv["XDG_STATE_HOME"] = filepath.Join(homeDir, ".local", "state")
+	restoredEnv["XDG_CACHE_HOME"] = filepath.Join(homeDir, ".cache")
+
+	// XDG_RUNTIME_DIR is typically /run/user/{uid} but we'll leave it as-is
+	// since it requires the actual UID and proper permissions
+}
+
+// GetEffectiveUID returns the effective UID that should be used for the subprocess
+// This helps determine if we need to drop privileges when running under sudo
+func GetEffectiveUID() (int, error) {
+	if sudoUID := os.Getenv("SUDO_UID"); sudoUID != "" {
+		uid, err := strconv.Atoi(sudoUID)
+		if err != nil {
+			return 0, fmt.Errorf("invalid SUDO_UID: %v", err)
+		}
+		return uid, nil
+	}
+	return os.Getuid(), nil
+}
+
+// GetEffectiveGID returns the effective GID that should be used for the subprocess
+func GetEffectiveGID() (int, error) {
+	if sudoGID := os.Getenv("SUDO_GID"); sudoGID != "" {
+		gid, err := strconv.Atoi(sudoGID)
+		if err != nil {
+			return 0, fmt.Errorf("invalid SUDO_GID: %v", err)
+		}
+		return gid, nil
+	}
+	return os.Getgid(), nil
+}

network/linux.go

@@ -9,6 +9,8 @@ import (
 	"os/exec"
 	"syscall"
 	"time"
+
+	"github.com/coder/jail/environment"
 )
 
 const (
@@ -92,6 +94,12 @@ func (l *LinuxJail) Execute(command []string, extraEnv map[string]string) error
 	l.logger.Debug("Setting up environment")
 	env := os.Environ()
 
+	// Restore original user environment if running under sudo
+	restoredUserEnv := environment.RestoreOriginalUserEnvironment(l.logger)
+	for key, value := range restoredUserEnv {
+		env = append(env, fmt.Sprintf("%s=%s", key, value))
+	}
+
 	// Add extra environment variables (including CA cert if provided)
 	for key, value := range extraEnv {
 		env = append(env, fmt.Sprintf("%s=%s", key, value))

network/macos.go

@@ -10,6 +10,9 @@ import (
 	"strconv"
 	"strings"
 	"syscall"
+	"time"
+
+	"github.com/coder/jail/environment"
 )
 
 const (
@@ -79,6 +82,12 @@ func (m *MacOSNetJail) Execute(command []string, extraEnv map[string]string) err
 	m.logger.Debug("Setting up environment")
 	env := os.Environ()
 
+	// Restore original user environment if running under sudo
+	restoredUserEnv := environment.RestoreOriginalUserEnvironment(m.logger)
+	for key, value := range restoredUserEnv {
+		env = append(env, fmt.Sprintf("%s=%s", key, value))
+	}
+
 	// Add extra environment variables (including CA cert if provided)
 	for key, value := range extraEnv {
 		env = append(env, fmt.Sprintf("%s=%s", key, value))
@@ -334,4 +343,4 @@ func (m *MacOSNetJail) cleanupTempFiles() {
 	if m.mainRulesPath != "" {
 		os.Remove(m.mainRulesPath)
 	}
-}
+}