darlinghq · HinTak · May 9, 2020 · May 10, 2020 · May 11, 2020 · May 11, 2020
diff --git a/src/build-instructions.md b/src/build-instructions.md
@@ -71,6 +71,9 @@ For Ubuntu 20.04, also install `python2`.
   ffmpeg-devel pulseaudio-libs-devel libxkbfile-devel openssl-devel llvm libcap-devel
   ```
 
+
+  See also the `rpm/` sub-directory for docker-compose instructions.
+
 **OpenSUSE Tumbleweed**
 
   You will need to build Darling with only the 64bit components. See **Build Options** for instructions. 
@@ -121,9 +124,7 @@ If you have already cloned Darling and would like to get the latest changes, do
 
 ```
 $ git lfs install
-$ git pull
-$ git submodule init
-$ git submodule update
+$ git pull --recurse-submodules
 ```
 
 # Build
@@ -159,6 +160,12 @@ $ make lkm
 $ sudo make lkm_install
 ```
 
+The above builds against your currently running kernel. If you need to build against a different one from your running kernel, set `KERNELDIR`:
+
+```
+$ KERNELDIR=/lib/modules/5.6.19-300.fc32.x86_64/build/ make lkm
+```
+
 If module installation produces warnings such as `SSL error:02001002:system library:fopen:No such file or directory: bss_file.c:175`, then these can be usually ignored, unless you configured your system to enforce secure boot.
 
 The kernel module is an experimental piece of code; it's likely to have many bugs and vulnerabilities. Be prepared for kernel hangups and crashes, and run Darling on a virtual machine if possible.
@@ -226,6 +233,8 @@ Cannot open mnt namespace file: No such file or directory
 ```
 
 To work around this try this command: `setsebool -P mmap_low_allowed 1`.
+( `-P` means persistent - Don't use this option if you prefer to auto-revert this change after reboot.
+See `man 8 kernel_selinux` of selinux policy documentation for details. )
 
 ### Secure Boot
 
@@ -243,11 +252,27 @@ Use the following commands to generate a key and self-sign the kernel module:
 openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Darling LKM/"
 # Enroll Key
 sudo mokutil --import MOK.der
-# Sign Module
+```
+
+Fedora ships the signing certificates of their release kernels in `/usr/share/doc/kernel-keys/` as part of the `kernel-core` package.
+
+The signing tool is `scripts/sign-file.c` within the kernel source tree. See `Documentation/admin-guide/module-signing.rst` at https://www.kernel.org for usage.
+This tool is packaged differently for different Linux distributions:
+
+```
+# Fedora - Sign Module
+sudo /lib/modules/$(uname -r)/build/scripts/sign-file sha512 MOK.priv MOK.der /lib/modules/$(uname -r)/extra/darling-mach.ko
+sudo /lib/modules/$(uname -r)/build/scripts/sign-file sha512 MOK.priv MOK.der /lib/modules/$(uname -r)/extra/darling-overlay.ko
+
+# Ubuntu (not Debian) - Sign Module
 sudo kmodsign sha512 MOK.priv MOK.der /lib/modules/$(uname -r)/extra/darling-mach.ko
+sudo kmodsign sha512 MOK.priv MOK.der /lib/modules/$(uname -r)/extra/darling-overlay.ko
+
 # Reboot System and Enroll Key
 ```
 
+Debian / Raspbian does not provide this tool in binary form (Debian bug #939393, Sept 2019), nor SuSE. You may need to build it by `make scripts`
+in a kernel source tree.
 
 ### No rule to make target 'modules'
 

diff --git a/src/darling-prefix.md b/src/darling-prefix.md
@@ -8,6 +8,11 @@ The container uses overlayfs along with a user mount namespace to provide a diff
 
 When you run an executable inside the prefix for the first time (after boot), `launchd`, the Darwin init process representing the container is started. This init process keeps the root file system mounted.
 
+Note: Do not put an ending `/` in the variable - Darling uses `${DPREFIX}.workdir` directly as overlayfs's working directory,
+and `someplace/.workdir` breaks it. Also, do not create it beforehand (unlike WINE) - if the directory exists and empty, it confuses darling.
+
+Also, cannot set DPREFIX via `DPREFIX=prefix darling shell` (unlike wine) - you will see an error message about `Target executable not found: /sbin/launchd`.
+
 ## Updating the prefix
 
 Unlike Wine, Darling doesn't need to update the prefix whenever the Darling installation is updated. There is one caveat, though: since overlayfs caches the contents of underlying file system(s), you may need to terminate the container to see Darling's updated files:

diff --git a/src/what-to-try.md b/src/what-to-try.md
@@ -221,6 +221,9 @@ System/
     com.apple.xpc.system (XPC Singleton Domain)/
 ```
 
+And, `launchctl shutdown` for completely shutting down darling, including lingering background processes.
+This might be useful if you want to unload the kernel modules, for example.
+
 Read `man launchctl` for more information of other commands `launchctl` has.
 
 ## Fetch a webpage