From c35a98a56f6520e9acda1e3b72a55c4dc299189d Mon Sep 17 00:00:00 2001 From: Rahul Jadhav Date: Sun, 10 Sep 2023 01:37:27 +0530 Subject: [PATCH 1/2] added CLOMonitor badge Signed-off-by: Rahul Jadhav --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 452526fad0..82bef9cecc 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,7 @@ [![Build Status](https://github.com/kubearmor/KubeArmor/actions/workflows/ci-go.yml/badge.svg)](https://github.com/kubearmor/KubeArmor/actions/workflows/ci-go.yml/) [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/5401/badge)](https://bestpractices.coreinfrastructure.org/projects/5401) +[![CLOMonitor](https://img.shields.io/endpoint?url=https://clomonitor.io/api/projects/cncf/kubearmor/badge)](https://clomonitor.io/projects/cncf/kubearmor) [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/kubearmor/kubearmor/badge)](https://securityscorecards.dev/viewer/?uri=github.com/kubearmor/kubearmor) [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fkubearmor%2FKubeArmor.svg?type=shield&issueType=license)](https://app.fossa.com/projects/git%2Bgithub.com%2Fkubearmor%2FKubeArmor?ref=badge_shield) [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fkubearmor%2FKubeArmor.svg?type=shield&issueType=security)](https://app.fossa.com/projects/git%2Bgithub.com%2Fkubearmor%2FKubeArmor?ref=badge_shield) From 5b26f2d74c72ad21381108805a03f4aee3257966 Mon Sep 17 00:00:00 2001 From: Rahul Jadhav Date: Sat, 16 Sep 2023 08:36:14 +0530 Subject: [PATCH 2/2] FAQ for kind with apparmor deployment Signed-off-by: Rahul Jadhav --- getting-started/FAQ.md | 32 +++++++++++++++++++++++++++++ getting-started/deployment_guide.md | 2 +- 2 files changed, 33 insertions(+), 1 deletion(-) diff --git a/getting-started/FAQ.md b/getting-started/FAQ.md index 220673ee04..c30e703ecb 100644 --- a/getting-started/FAQ.md +++ b/getting-started/FAQ.md 
@@ -256,3 +256,35 @@ One can enable the host policy by patching the daemonset (`kubectl edit daemonse This will enable the `KubeArmorHostPolicy` and host based visibility for the k8s worker nodes. + +

Unable to get KubeArmor policy enforcement with Kind clusters

+ +KubeArmor works out of the box with Kind clusters supporting BPF-LSM. However, with AppArmor only mode, Kind cluster needs additional provisional steps. You can check if BPF-LSM is supported/enabled on your host (on which the kind cluster is to be deployed) by using following: +``` +cat /sys/kernel/security/lsm +``` +* If it has `bpf` in the list, then everything should work out of the box +* If it has `apparmor` in the list, then follow the steps mentioned in this FAQ. + +## 1. Create Kind cluster +```sh +cat < + diff --git a/getting-started/deployment_guide.md b/getting-started/deployment_guide.md index 468dead826..931b634d57 100644 --- a/getting-started/deployment_guide.md +++ b/getting-started/deployment_guide.md @@ -69,7 +69,7 @@ EOF Now execute the `apt` command to download the `masscan` tool. ``` -kubectl exec -it $POD -- sh -c "apt update && apt install masscan" +kubectl exec -it $POD -- bash -c "apt update && apt install masscan" ``` It will be denied permission to execute.
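Review bot: In the getting-started/FAQ.md hunk, the two bullets under the `cat /sys/kernel/security/lsm` check are not mutually exclusive. A host can list both `bpf` and `apparmor`, and a reader on such a host cannot tell which bullet applies. Suggest wording the second bullet as "If it has `apparmor` but not `bpf` in the list, then follow the steps mentioned in this FAQ." Two smaller points in the same hunk: "additional provisional steps" reads as if "provisioning steps" was meant, and the fence around the `cat` command has no language tag while the next fence uses `sh`.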
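Review bot: In the getting-started/deployment_guide.md hunk, the switch from `sh -c` to `bash -c` is explained neither by the commit message, which mentions only the FAQ, nor by the surrounding text, and it makes the step depend on the pod image shipping `bash`. Suggest adding a sentence that says why `bash` is needed for the step to end in the stated "It will be denied permission to execute." result, or moving this one-line change into its own commit with that rationale.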