From 21daede1fb9eeac2a3120f7baa192a234cd37895 Mon Sep 17 00:00:00 2001
From: Jiri Olsa <jolsa@kernel.org>
Date: Wed, 21 Jun 2023 11:00:45 +0000
Subject: [PATCH] tetragon: Add example killer policy

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
---
 examples/tracingpolicy/killer.yaml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 examples/tracingpolicy/killer.yaml

diff --git a/examples/tracingpolicy/killer.yaml b/examples/tracingpolicy/killer.yaml
new file mode 100644
index 00000000000..e0907204dfe
--- /dev/null
+++ b/examples/tracingpolicy/killer.yaml
@@ -0,0 +1,29 @@
+apiVersion: cilium.io/v1alpha1
+kind: TracingPolicy
+metadata:
+  name: "kill-syscalls"
+spec:
+  killers:
+  - syscalls:
+    - "sys_dup"
+  tracepoints:
+  - subsystem: "raw_syscalls"
+    event: "sys_enter"
+    args:
+    - index: 4
+      type: "uint64"
+    selectors:
+    - matchArgs:
+      - index: 0
+        operator: "InRefMap"
+        values:
+        - "ref:killer"
+      matchPIDs:
+      - operator: In
+        followForks: true
+        values:
+        - 137562
+      matchActions:
+      - action: "NotifyKiller"
+        argError: -1
+        argSig: 9