From dfa6da47a313f56c2d31a25e2a51d7593fe774a9 Mon Sep 17 00:00:00 2001
From: Mark Stemm <mark.stemm@gmail.com>
Date: Tue, 3 May 2016 15:45:28 -0700
Subject: [PATCH] Update README to always use local kernel module.

Instead of suggesting using a kernel module from an installed version of
sysdig, always recommend unloading any existing module and using the
locally built one.
---
 README.md | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 2b4a451e..28295727 100644
--- a/README.md
+++ b/README.md
@@ -98,9 +98,15 @@ $ make
 
 as a result, you should have a falco executable in `build/userspace/falco/falco`.
 
-### (Optional) Install sysdig kernel driver
+### Load latest sysdig kernel module
 
-If you have a binary version of sysdig installed, the sysdig kernel module is already loaded and can be used by falco. Otherwise, you should load the kernel module from the sysdig source directory. Assuming you are in the `build` dir, you can install the kernel module via:
+If you have a binary version of sysdig installed, an older sysdig kernel module may already be loaded. To ensure you are using the latest version, you should unload any existing sysdig kernel module and load the locally built version.
+
+Unload any existing kernel module via:
+
+`$ rmmod sysdig_probe`
+
+To load the locally built version, assuming you are in the `build` dir, use:
 
 `$ insmod driver/sysdig-probe.ko`