The workaround was including PATH=$(external_sudo_path):$PATH in front of the exec, and adding a rootwrap rule to allow it.
So the final execution is...
sudo rootwrap /etc/my-rootwrap-filters PATH=/my/external_path:$PATH my-exec params
and we're able to inject a path.
Our use case is testing, so we're not very worried about security implications; we could understand other use cases may be more worried and may need to work on a proper rootwrap fix.
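A defensive check for the kind of rule described in the comment above, as an added example that is not part of the original comment or of rootwrap itself: it scans a rootwrap filter file for EnvFilter rules that let the caller set PATH or similar variables for a root-run command. The sample filter text, the rule names and the RISKY_VARS list are constructed assumptions; the EnvFilter field layout follows oslo.rootwrap's documented format.

```python
import configparser

# Variables that change which binary or library a root-run command resolves to.
# This list is an assumption of the example, not taken from rootwrap.
RISKY_VARS = {"PATH", "LD_PRELOAD", "LD_LIBRARY_PATH", "PYTHONPATH"}

# Constructed sample filter file; rule names are illustrative.
SAMPLE_FILTERS = """\
[Filters]
my-exec: EnvFilter, env, root, PATH=, my-exec
dnsmasq: EnvFilter, env, root, CONFIG_FILE=, NETWORK_ID=, dnsmasq
kill_proc: CommandFilter, kill, root
"""


def audit_filters(text):
    """Return (rule_name, executable, risky_vars) for each EnvFilter rule
    that lets the caller set a variable listed in RISKY_VARS."""
    parser = configparser.RawConfigParser()
    parser.optionxform = str  # keep rule names case-sensitive
    parser.read_string(text)
    findings = []
    if not parser.has_section("Filters"):
        return findings
    for name, value in parser.items("Filters"):
        fields = [f.strip() for f in value.split(",")]
        if len(fields) < 4 or fields[0] != "EnvFilter":
            continue
        # Layout: EnvFilter, env, <run-as user>, VAR=..., <executable>
        allowed = {f[:-1] for f in fields[3:-1] if f.endswith("=")}
        risky = sorted(allowed & RISKY_VARS)
        if risky:
            findings.append((name, fields[-1], risky))
    return findings


if __name__ == "__main__":
    for name, exe, risky in audit_filters(SAMPLE_FILTERS):
        print(f"{name}: caller may set {', '.join(risky)} for root-run {exe}")
```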