Keter 1.6 doesn't pass env variables in app config when setuid is set in global config #237

Open
joyfulmantis opened this issue Feb 22, 2022 · 1 comment

@joyfulmantis
Contributor

In keter 1.6 when I am using the new config format (stanzas), and listing variables to be passed down (through env), if setuid is set in the global config, then the listed variables end up not being passed down to the app. I am theorizing that this is caused by the variables being somehow lost with sudo being called. However, strangely enough, this is only the case for the environment variables listed in the app config. The environment variables always passed down by keter (port) and the ones passed down from the postgres plugin aren't affected.

Attached are sample app keter.yaml and global keter-config.yaml files:

```yaml
root: /var/www/keter
listeners:
    - host: "*4"
      port: 80
    # HTTPS

# Disabling this allows the environment variable "env:Production" to be passed down to the app
setuid: www-data
stanzas:
  - type: webapp
    exec: ../bin/example
    host: localhost
    env:
      ENV: Production
plugins:
    postgers: true
    postgres:
      - server: localhost
        port: 5432
```
@jappeace
Collaborator

The process is forked in here:

https://github.com/snoyberg/keter/blob/master/Data/Conduit/Process/Unix.hs#L301

sudo is already run with -E, which means it should preserve the environment.
I'm not sure why it isn't doing this.

As a workaround you could wrap your binary in a script that loads the environment.
This is done in the nix configuration as well: https://github.com/snoyberg/keter/blob/master/nix/config.nix#L25 (public and private script in this case are intended to load the environment).
If you do this workaround, make sure to call exec, otherwise you get process leakage.
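
The workaround described in the comment above, sketched as an added example (not part of the original thread, and not keter's or its nix configuration's code): a POSIX sh wrapper that loads variables from a file and then `exec`s the app. The argument layout (env file path, then binary) and the helper name `load_env_file` are assumptions.

```shell
#!/bin/sh
# Added example: a wrapper that a stanza's `exec:` could point at.
# Usage (assumed layout): wrapper.sh ENV_FILE APP_BIN [app args...]

# Read KEY=VALUE lines from a file and export them.
# Lines are parsed, never sourced, so the file cannot run commands here.
load_env_file() {
    file=$1
    [ -r "$file" ] || { echo "cannot read env file: $file" >&2; return 1; }
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;                        # blank line or comment
            *=*) ;;                                     # looks like KEY=VALUE
            *) echo "skipping line without '='" >&2; continue ;;
        esac
        key=${line%%=*}      # text before the first '='
        value=${line#*=}     # text after the first '=', taken literally
        case $key in
            ''|[0-9]*|*[!A-Za-z0-9_]*)
                echo "skipping invalid variable name: $key" >&2
                continue ;;
        esac
        export "$key=$value"
    done < "$file"
    return 0
}

main() {
    load_env_file "$1" || exit 1
    shift
    bin=$1
    shift
    # exec replaces this shell with the app, so no extra process is left
    # behind and signals from the supervisor reach the app directly.
    exec "$bin" "$@"
}

# Act as the wrapper only when given an env file and a binary.
if [ "$#" -ge 2 ]; then
    main "$@"
fi
```

Values are exported exactly as written after the first `=`, so the env file should not quote them.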
