diff --git a/agent/agentexec/cli_linux.go b/agent/agentexec/cli_linux.go index 8731ae6406b80..4da3511ea64d2 100644 --- a/agent/agentexec/cli_linux.go +++ b/agent/agentexec/cli_linux.go @@ -17,6 +17,8 @@ import ( "golang.org/x/sys/unix" "golang.org/x/xerrors" "kernel.org/pub/linux/libs/security/libcap/cap" + + "github.com/coder/coder/v2/agent/usershell" ) // CLI runs the agent-exec command. It should only be called by the cli package. @@ -114,7 +116,8 @@ func CLI() error { // Remove environment variables specific to the agentexec command. This is // especially important for environments that are attempting to develop Coder in Coder. - env := os.Environ() + ei := usershell.SystemEnvInfo{} + env := ei.Environ() env = slices.DeleteFunc(env, func(e string) bool { return strings.HasPrefix(e, EnvProcPrioMgmt) || strings.HasPrefix(e, EnvProcOOMScore) || diff --git a/agent/usershell/usershell.go b/agent/usershell/usershell.go index 9400dc91679da..1819eb468aa58 100644 --- a/agent/usershell/usershell.go +++ b/agent/usershell/usershell.go @@ -50,7 +50,17 @@ func (SystemEnvInfo) User() (*user.User, error) { } func (SystemEnvInfo) Environ() []string { - return os.Environ() + var env []string + for _, e := range os.Environ() { + // Ignore GOTRACEBACK=none, as it disables stack traces, it can + // be set on the agent due to changes in capabilities. + // https://pkg.go.dev/runtime#hdr-Security. + if e == "GOTRACEBACK=none" { + continue + } + env = append(env, e) + } + return env } func (SystemEnvInfo) HomeDir() (string, error) { diff --git a/agent/usershell/usershell_test.go b/agent/usershell/usershell_test.go index ee49afcb14412..40873b5dee2d7 100644 --- a/agent/usershell/usershell_test.go +++ b/agent/usershell/usershell_test.go @@ -43,4 +43,13 @@ func TestGet(t *testing.T) { require.NotEmpty(t, shell) }) }) + + t.Run("Remove GOTRACEBACK=none", func(t *testing.T) { + t.Setenv("GOTRACEBACK", "none") + ei := usershell.SystemEnvInfo{} + env := ei.Environ() + for _, e := range env { + require.NotEqual(t, "GOTRACEBACK=none", e) + } + }) }