So the use case here is that a classic confined app wants to execute programs from outside the snap. In the VS Code case, this would include:
- executing the system compiler toolchain and other build tools
- executing/debugging the app the user is building
And you want to avoid passing on any environment that alters the execution of these subprocesses.
Just looking through what the desktop-launch script does, LD_LIBRARY_PATH is just the start. Among other things it will also:
- set
GST_PLUGIN_PATH/GST_PLUGIN_SYSTEM_PATHto alter where GStreamer plugins are found - set
GI_TYPELIB_PATHto alter where gobject-introspection typelibs are found. - set
GIO_MODULE_DIRto change where GLib’s GIO modules are found. - set
GDK_PIXBUF_MODULEDIRto change where gdk-pixbuf modules are found. - set
GTK_PATHto change where GTK modules are found - set
GTK_IM_MODULE_DIRto change where input method modules are found - set
QT_PLUGIN_PATHto change where Qt plugins are found - …
Any of these could also cause problems for subprocesses that use this functionality if there are incompatibilities between the system and snapped versions of these libraries. It’s also worth noting that some of these environment variables will be needed for correct functioning of the snapped version of the corresponding libraries, since the incompatibilities can go both ways.
You’re probably better off working out what aspects of the script you actually need in a classic environment rather than removing the the things that break one by one.