For command tasks, we currently have no way for isolators to inject task specific environments into data path.
Isolators in their prepare implementation can return a ContainerLaunchInfo which currently supports setting the member environment - but that is effective for the executor already and will get inherited by the task environment.
Given that the command-executor is active in the host-fs context but the task may be running in a container-fs context (has_rootfs=true), using the above will possibly cause failures, depending on the nature of the variables set – consider e.g. LD_LIBRARY_PATH as a fatal one.
The command-executor does support the flag task_environment to receive environment variables which are meant exclusively for the task itself but not the executor.
Runtime isolators (docker/runtime, appc/runtime) already make use of this flag. However, they do it in a way that is a bit unfortunate as it does not allow for other isolators to make use of it - there is no merging taking place in the containerizer.