Fedora CoreOS os-tree apply-live not working

Question

I'm trying to install k3s-selinux on Fedora CoreOS 38 with a systemd unit file:

[Unit]
Description=K3s SELinux policy

Wants=network-online.target
After=network-online.target
Before=zincati.service

ConditionPathExists=!/var/lib/%N.stamp

[Service]
Type=oneshot
RemainAfterExit=yes

ExecStart=/bin/touch /var/lib/%N.stamp
ExecStart=/usr/bin/rpm-ostree install -y --allow-inactive --apply-live k3s-selinux

[Install]
WantedBy=multi-user.target

And it seems to work. However, when I enter in the vm rpm -qa | grep k3s has empty result (it should be k3s-selinux.noarch) and

$ rpm-ostree status
State: idle
AutomaticUpdatesDriver: Zincati
  DriverState: active; periodically polling for updates (last checked Thu 2023-06-22 13:07:50 UTC)
Deployments:
  fedora:fedora/x86_64/coreos/stable
                  Version: 38.20230527.3.0 (2023-06-13T00:08:09Z)
               BaseCommit: a13f4a93e6ce9ba5b0a00f74dc68ee3794aa6910c523aa6b5572e3669b8c1d7e
                   Commit: e97020a3ea57aea75b3d09180f27384066479d0639fe8c91d0ef65d29641c4af
             GPGSignature: Valid signature by 6A51BBABBA3D5467B6171221809A8D7CEB10B464
                     Diff: 1 added
          LayeredPackages: k3s-selinux

● fedora:fedora/x86_64/coreos/stable
                  Version: 38.20230527.3.0 (2023-06-13T00:08:09Z)
             BootedCommit: a13f4a93e6ce9ba5b0a00f74dc68ee3794aa6910c523aa6b5572e3669b8c1d7e
               LiveCommit: e97020a3ea57aea75b3d09180f27384066479d0639fe8c91d0ef65d29641c4af
                 LiveDiff: 1 added
             GPGSignature: Valid signature by 6A51BBABBA3D5467B6171221809A8D7CEB10B464
                 Unlocked: transient

So it is transient.

If I try rpm-ostree install -y --allow-inactive --reboot k3s-selinux (--reboot instead of --apply-live), it works:

$ rpm -qa | grep k3s
k3s-selinux-1.4-1.coreos.noarch

$ rpm-ostree status
State: idle
warning: Failed to query journal: couldn't find current boot in journal
AutomaticUpdatesDriver: Zincati
  DriverState: active; periodically polling for updates (last checked Thu 2023-06-22 13:19:36 UTC)
Deployments:
● fedora:fedora/x86_64/coreos/stable
                  Version: 38.20230527.3.0 (2023-06-13T00:08:09Z)
               BaseCommit: a13f4a93e6ce9ba5b0a00f74dc68ee3794aa6910c523aa6b5572e3669b8c1d7e
             GPGSignature: Valid signature by 6A51BBABBA3D5467B6171221809A8D7CEB10B464
          LayeredPackages: k3s-selinux

  fedora:fedora/x86_64/coreos/stable
                  Version: 38.20230527.3.0 (2023-06-13T00:08:09Z)
                   Commit: a13f4a93e6ce9ba5b0a00f74dc68ee3794aa6910c523aa6b5572e3669b8c1d7e
             GPGSignature: Valid signature by 6A51BBABBA3D5467B6171221809A8D7CEB10B464

Why --apply-live does not work? Is there a way to install/updating the package without requiring a reboot?