For anyone else wanting to install Kolide on Fedora Silverblue before it's officially supported, I've open sourced an RPM rebuild script and sent out PR"s to improve support on the launcher side: https://github.com/chainguard-dev/kolide-silverblue

Thanks @Thomas Stromberg !

Naive questions about silverblue…. • Can rpms be compatible with both silverblue, fedora, and rhel? • I know silverblue is immutable, is that everything? How would we do things like updates and localdatabases? I assume there’s something in var? • Would this all just work if we moved from

/user/local

to

/opt/kolide

?

@seph - Great questions that I too did not have answers for until we began rolling it out here. • Yes, they can. I believe the main failure here is that

/usr/local

is a symlink to

/var/usrlocal

on Fedora Silverblue, which causes the

rpm-ostree

to fail

opendir

to fail for reasons I haven't dug into. Kolide isn't the only one to have hit this, see https://github.com/coreos/rpm-ostree/issues/4903 • Silverblue is "immutable" only as much as modern macOS versions are. /etc, /opt, and /var are still fully mutable. It's not as strict as CrOS. • Yes. The only caveat I can think of for a move to /opt is that if SELinux is enabled,

bin_t

needs to be set on

/opt/kolide-k2/bin

- otherwise systemd will fail to start with a mystery 203/EXEC error. I believe that the RPM set this magic bit automatically though!

That sounds like fairly tractable work to me.