As a general rule, you should not install software on your ELM.  While there are some circumstances where it will work fine, it is likely to cause software dependency problems that will block App Layering updates.  App Layering is very particular about the Linux software packages and versions installed. Each App Layering release includes the latest security updates available from the distro maintainer.

What you must not do:

• Install Linux kernel updates
• Install updates to system libraries
• Install security patches
• Install updates to other system software, including Mono, MySQL, OpenSSL, Apache, Node and any other package listed in "rpm -qa"
• Install software which will install any of the above as a prerequisite, including compilers and development environments

What you should not do:

• Install additional virtual hardware, including additional NIC devices
• Install Antivirus or security software which might block or restrict the ELM's normal function

What you can do:

• Install completely separate packages, like net-snmp, which do not conflict or affect the system
• Install vendor-provided precompiled binaries
• Configure system settings like DNS, timezone, networking and the firewall
• Create user accounts

App Layering is based on Oracle Linux 8 (from version 2409 and forward. Or CentOS 7 for 2403 and prior), and is a full distribution containing many standard system tools.  However, if you are required to install other software, you need to make sure it does not affect the versions of already installed packages.  If you update the existing packages, you may be unable to update the App Layering software in the ELM later, and we may be unable to resolve the dependency failures.  We would then have to deploy a new ELM and transplant the database and/or layers to the new ELM virtual machine.

Note about the "What you should not do" section: these are options that might work, but are untested and depend greatly on the specifics of the operation.  A passthrough USB device might work, for instance, as long as the LVM doesn't decide that it's an available device to expand the Layer Service repository onto.  Multiple NICs might work, but there are places where we provide the IP address of the ELM to another system for reverse communication, and it needs to choose the right interface.  We have no way of specifying which interface to choose.  Security software might coexist fine with our software and VHD files, but since we do not test them, we have no way of knowing which ones will be a problem.  We always recommend making snapshots or backup clones of the ELM when experimenting with untested configuration changes.  We might not be able to support your specific situation, and we might not be able to recover.