## Summary
- Adds cross-platform disk space check policies (macOS, Windows, Linux)
scoped to the workstations team
- Each policy calculates the percentage of available disk space relative
to total disk space and **fails when available disk space is 10% or
less**
- macOS/Linux policies query the `mounts` table for the root partition
(`/`); Windows policy queries the `logical_drives` table for NTFS drives
- Resolution contact channel is `#help-it`
### New files
- `it-and-security/lib/macos/policies/disk-space-check.yml`
- `it-and-security/lib/windows/policies/disk-space-check.yml`
- `it-and-security/lib/linux/policies/disk-space-check.yml`
### Modified files
- `it-and-security/teams/workstations.yml` — registers the three new
policies
### How it works
| Platform | Query logic |
|---|---|
| macOS | `SELECT 1 FROM mounts WHERE path = '/' AND
CAST(blocks_available AS REAL) / blocks > 0.10` |
| Linux | `SELECT 1 FROM mounts WHERE path = '/' AND
CAST(blocks_available AS REAL) / blocks > 0.10` |
| Windows | `SELECT 1 WHERE (SELECT CAST(SUM(free_space) AS REAL) /
SUM(size) FROM logical_drives WHERE file_system = 'NTFS') > 0.10` |
- **Pass (returns rows):** available disk space is more than 10%
- **Fail (returns no rows):** available disk space is 10% or less
### Why >10% free disk space matters
Each policy description now includes context on why maintaining
sufficient free disk space is important:
- **System stability:** Low disk space can cause system instability,
slowdowns, and crashes
- **OS requirements:** Operating systems need free space for virtual
memory/swap, temporary files, and system updates
- **Application reliability:** Applications may fail to save data or
function properly when disk space is critically low
- **Data protection:** Keeping sufficient free space ensures reliable
performance and prevents data loss
Built for [Allen
Houchins](https://fleetdm.slack.com/archives/D0AFASNBZMW/p1772934328893319?thread_ts=1772933835.386689&cid=D0AFASNBZMW)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)
---------
Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
- updated the script and policy names to reflect naming convention and
look better in Fleet Desktop
- removed script from Servers (canary); since Fleet Desktop is not
enabled on Servers, it leads to awkward conversations when demo'ing with
customers.
For #20675 and #25977.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Make sure fleetd is compatible with the latest released version of
Fleet (see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)).
- [X] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
