I really ^ want better control of options config. I want to be able to target options at labels, as well as platform, osquery version, kernel version. Why labels? To target different types of systems (e.g., prod vs stg; AWS vs Azure, workstation vs server) Why osquery version / kernel version? On Linux (< 4.18) or osquery < 4.16.0, enable process_events tables (and other audit options). On Linux 4.18+ & osquery 4.16.0+, enable bpf events in options and disable audit settings. Currently - this sort of thing just can't be done in fleet, so I have to work around it by not setting it at all through fleet and configuring through the flagfiles of systems. I'd much rather be able to control this through fleet!

Thanks for the background Brendan. I went ahead and set up an issue here: https://github.com/fleetdm/fleet/issues/255