From b02b607fb908781c6584665bbe3e6c477afb2058 Mon Sep 17 00:00:00 2001
From: Razvan Dimescu <ssaricu@gmail.com>
Date: Sat, 18 Apr 2026 20:07:24 +0300
Subject: [PATCH] ci(linux): assert numa daemon does not run as root

Locks in the invariant this branch establishes: a regression that
reverts to User=root would otherwise ship green.
---
 .github/workflows/ci.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4bce7c2..1e015ab 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -87,6 +87,9 @@ jobs:
           sleep 2
           curl -sf http://127.0.0.1:5380/health
           dig @127.0.0.1 example.com +short +timeout=5 | grep -q '.'
+          user=$(ps -o user= -p "$(systemctl show -p MainPID --value numa)" | tr -d ' ')
+          echo "numa running as: $user"
+          test "$user" != "root"
           sudo ./target/release/numa install
           sleep 2
           curl -sf http://127.0.0.1:5380/health