## Summary
- Adds cross-platform disk space check policies (macOS, Windows, Linux)
scoped to the workstations team
- Each policy calculates the percentage of available disk space relative
to total disk space and **fails when available disk space is 10% or
less**
- macOS/Linux policies query the `mounts` table for the root partition
(`/`); Windows policy queries the `logical_drives` table for NTFS drives
- Resolution contact channel is `#help-it`
### New files
- `it-and-security/lib/macos/policies/disk-space-check.yml`
- `it-and-security/lib/windows/policies/disk-space-check.yml`
- `it-and-security/lib/linux/policies/disk-space-check.yml`
### Modified files
- `it-and-security/teams/workstations.yml` — registers the three new
policies
### How it works
| Platform | Query logic |
|---|---|
| macOS | `SELECT 1 FROM mounts WHERE path = '/' AND
CAST(blocks_available AS REAL) / blocks > 0.10` |
| Linux | `SELECT 1 FROM mounts WHERE path = '/' AND
CAST(blocks_available AS REAL) / blocks > 0.10` |
| Windows | `SELECT 1 WHERE (SELECT CAST(SUM(free_space) AS REAL) /
SUM(size) FROM logical_drives WHERE file_system = 'NTFS') > 0.10` |
- **Pass (returns rows):** available disk space is more than 10%
- **Fail (returns no rows):** available disk space is 10% or less
### Why >10% free disk space matters
Each policy description now includes context on why maintaining
sufficient free disk space is important:
- **System stability:** Low disk space can cause system instability,
slowdowns, and crashes
- **OS requirements:** Operating systems need free space for virtual
memory/swap, temporary files, and system updates
- **Application reliability:** Applications may fail to save data or
function properly when disk space is critically low
- **Data protection:** Keeping sufficient free space ensures reliable
performance and prevents data loss
Built for [Allen
Houchins](https://fleetdm.slack.com/archives/D0AFASNBZMW/p1772934328893319?thread_ts=1772933835.386689&cid=D0AFASNBZMW)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)
---------
Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
This pull request makes minor improvements to the software metadata for
Linux and Windows installers, and updates messaging in a MacOS
configuration profile. The main changes are the addition of display
names for several software packages and a small wording update in the
MacOS profile.
Software metadata improvements:
* Added the `display_name` field for 1Password, Slack, and Zoom
installers in both `.deb` and `.rpm` formats for Linux, improving
clarity in software listings.
[[1]](diffhunk://#diff-74a6b317e1363bc4c856fc04b9532876ec6fbdaec1ae7745bc7ec00c164b5ee8R2)
[[2]](diffhunk://#diff-a09b19aa20a36257dba104b182ec182a175198bf2b83b4c27bbe5b34e3f86a9cR2)
[[3]](diffhunk://#diff-63cf9bff568593d4d6681597dc69b3c3741cbd53197cfa8056e66a8ce6aa65a3R2)
[[4]](diffhunk://#diff-1c76fa28d50f586e4d7090a954db56d9235cdea759e8a613d2c5fb0ccdf28fdfR2)
[[5]](diffhunk://#diff-d3b614ed0d7209d14d8f70170e4326d56e660fdb87ed585674be14c344a59d7fR2)
[[6]](diffhunk://#diff-c5be3430c846b9b69a3d47f0157b0d1707a61dac731d823e38adbf78de4f5ebeR2)
* Added the `display_name` field for Zoom installers for Windows
(`zoom-arm.yml` and `zoom.yml`), making software identification easier.
[[1]](diffhunk://#diff-3f6d972edfe5bd7590c0cd9ffc76a416401410a4b6143e4d6b2d6a0f8efa83b5R2)
[[2]](diffhunk://#diff-2ea34a1db8efdb13d238a064e9bd2e0ba1e4565aba849549e6182fcbe38cd388R2)
MacOS configuration profile update:
* Updated the `subHeader` in the `nudge-configuration.mobileconfig` file
to reference the "IT team" instead of "IT & Enablement team," clarifying
the responsible group in user notifications.
Add 1Password Linux package manifests (deb & rpm), update Slack Linux
download URLs to the generic download endpoints, and bump Zoom Linux
package URLs to a newer build (6.7.5.6891). Also add a display_name for
macOS Zoom and register the new Linux 1Password entries in the
workstations software list; remove several redundant display_name fields
in workstations.yml to avoid duplication. Files changed:
it-and-security/lib/linux/software/{1password-deb.yml,1password-rpm.yml,slack-deb.yml,slack-rpm.yml,zoom-deb.yml,zoom-rpm.yml},
it-and-security/lib/macos/software/zoom.yml, and
it-and-security/teams/workstations.yml.
For #36619. Zed + Opus 4.5, prompt was just "fix
https://github.com/fleetdm/fleet/issues/36619"
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves #
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
No changes file as this isn't in a Fleet release.
## Testing
- [ ] QA'd all new/changed functionality manually
---------
Co-authored-by: Allen Houchins <allenhouchins@mac.com>
I tested the uninstall script by:
- Making a new agent package and installing it
- Checking with `dpkg --get-selections | grep 'fleet'` that
fleet-osquery is installed
- Checking with `sudo systemctl list-units | grep 'orbit'` that
orbit.service is running
- Uninstalling the package with uninstall-fleetd-linux.sh
- Checking the above commands again to see that fleet-osquery and
orbit.service are uninstalled.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- For Orbit and Fleet Desktop changes:
- [x] Manual QA done on one Linux machine (Ubuntu 24 on HP laptop).
- updated the script and policy names to reflect naming convention and
look better in Fleet Desktop
- removed script from Servers (canary); since Fleet Desktop is not
enabled on Servers, it leads to awkward conversations when demo'ing with
customers.
For #20675 and #25977.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)).
- [X] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- Move duplicate scripts out of `scripts/mdm/` and into
`it-and-security/` so we have one version that we can continue to
iterate and improve.
- Remove no longer used scripts out of `scripts/mdm/`
---------
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
- Fixed patch logic and updated version strings in Firefox and Slack
policies: fleetdm/confidential#9389
- Implemented custom target scoping for Linux software:
fleetdm/confidential#9348
- Updated and consolidated macOS latest operating system check policy
- Copied policies from "💻🐣 Workstations (canary)" to "💻 Workstations"
team
