diff --git a/demo/opae-nlb-demo/Dockerfile b/demo/opae-nlb-demo/Dockerfile
index 4ca4238f2..7ff47f5de 100644
--- a/demo/opae-nlb-demo/Dockerfile
+++ b/demo/opae-nlb-demo/Dockerfile
@@ -17,6 +17,8 @@ RUN swupd update --no-boot-update ${CLEAR_LINUX_VERSION} && \
 # Fetch dependencies and source code
 ARG OPAE_RELEASE=1.4.0-1
 
+# workaround for a swupd failure discussed in https://github.com/clearlinux/distribution/issues/831
+RUN ldconfig
 RUN mkdir -p /usr/src/opae && \
     cd /usr/src/opae && \
     wget https://github.com/OPAE/opae-sdk/archive/${OPAE_RELEASE}.tar.gz && \
diff --git a/deployments/qat_plugin/overlays/apparmor_unconfined/add-apparmor-unconfined-intel-qat.yaml b/deployments/qat_plugin/overlays/apparmor_unconfined/add-apparmor-unconfined-intel-qat.yaml
new file mode 100644
index 000000000..082916034
--- /dev/null
+++ b/deployments/qat_plugin/overlays/apparmor_unconfined/add-apparmor-unconfined-intel-qat.yaml
@@ -0,0 +1,9 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: intel-qat-plugin
+spec:
+  template:
+    metadata:
+      annotations:
+        container.apparmor.security.beta.kubernetes.io/intel-qat-plugin: unconfined
diff --git a/deployments/qat_plugin/overlays/apparmor_unconfined/kustomization.yaml b/deployments/qat_plugin/overlays/apparmor_unconfined/kustomization.yaml
new file mode 100644
index 000000000..9ac41de14
--- /dev/null
+++ b/deployments/qat_plugin/overlays/apparmor_unconfined/kustomization.yaml
@@ -0,0 +1,4 @@
+bases:
+  - ../../base
+patches:
+- add-apparmor-unconfined-intel-qat.yaml