diff --git a/examples/tracingpolicy/killer.yaml b/examples/tracingpolicy/killer.yaml
new file mode 100644
index 00000000000..e0907204dfe
--- /dev/null
+++ b/examples/tracingpolicy/killer.yaml
@@ -0,0 +1,29 @@
+apiVersion: cilium.io/v1alpha1
+kind: TracingPolicy
+metadata:
+  name: "kill-syscalls"
+spec:
+  killers:
+  - syscalls:
+    - "sys_dup"
+  tracepoints:
+  - subsystem: "raw_syscalls"
+    event: "sys_enter"
+    args:
+    - index: 4
+      type: "uint64"
+    selectors:
+    - matchArgs:
+      - index: 0
+        operator: "InRefMap"
+        values:
+        - "ref:killer"
+      matchPIDs:
+      - operator: In
+        followForks: true
+        values:
+        - 137562
+      matchActions:
+      - action: "NotifyKiller"
+        argError: -1
+        argSig: 9