chore: fix ci

afshinm · afshinm · commit ed3b40cc52de · 2026-05-17T09:50:22.000+01:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -121,7 +121,7 @@ jobs:
           name: upstream
           path: upstream/
       - name: Install system deps
-        run: sudo apt-get update && sudo apt-get install -y libcap-dev
+        run: sudo apt-get update && sudo apt-get install -y bubblewrap libcap-dev
       - name: Enable unprivileged user namespaces (required by bubblewrap)
         run: |
           # Required for bubblewrap to work on Linux CI runners.
@@ -151,7 +151,7 @@ jobs:
         include:
           - os: macos-latest
           - os: ubuntu-latest
-            system-deps: libcap-dev
+            system-deps: bubblewrap libcap-dev
             enable-userns: true
     runs-on: ${{ matrix.os }}
     steps:
@@ -204,7 +204,7 @@ jobs:
         include:
           - os: macos-latest
           - os: ubuntu-latest
-            system-deps: libcap-dev
+            system-deps: bubblewrap libcap-dev
             enable-userns: true
     runs-on: ${{ matrix.os }}
     steps:
diff --git a/UPSTREAM_VERSION b/UPSTREAM_VERSION
@@ -1,3 +1,3 @@
 rust-v0.131.0-alpha.22
 # commit: 9b8cf56cdefb09f54564ccc295fd42f6647f558f
-# synced: 2026-05-16T19:45:09Z
+# synced: 2026-05-16T21:01:55Z
diff --git a/crates/zerobox/src/main.rs b/crates/zerobox/src/main.rs
@@ -133,23 +133,29 @@ fn exit_code_from_status(status: std::process::ExitStatus) -> ExitCode {
 }
 
 fn main() -> ExitCode {
+    #[cfg(target_os = "linux")]
+    if invoked_as_linux_sandbox_helper() {
+        zerobox_linux_sandbox::run_main();
+    }
+
     tokio_main()
 }
 
+#[cfg(target_os = "linux")]
+fn invoked_as_linux_sandbox_helper() -> bool {
+    use zerobox_sandboxing::landlock::ZEROBOX_LINUX_SANDBOX_ARG0;
+
+    let Some(argv0) = std::env::args_os().next() else {
+        return false;
+    };
+
+    std::path::Path::new(&argv0)
+        .file_name()
+        .is_some_and(|name| name == std::ffi::OsStr::new(ZEROBOX_LINUX_SANDBOX_ARG0))
+}
+
 #[tokio::main]
 async fn tokio_main() -> ExitCode {
-    #[cfg(target_os = "linux")]
-    {
-        use zerobox_sandboxing::landlock::ZEROBOX_LINUX_SANDBOX_ARG0;
-        let exe_name = std::env::args_os()
-            .next()
-            .as_ref()
-            .and_then(|s| Path::new(s).file_name().map(|f| f.to_os_string()));
-        if exe_name.as_deref() == Some(std::ffi::OsStr::new(ZEROBOX_LINUX_SANDBOX_ARG0)) {
-            zerobox_linux_sandbox::run_main();
-        }
-    }
-
     let cli = Cli::parse();
 
     if let Some(CliSubcommand::Snapshot { action }) = &cli.subcommand {
