From e1b9ade304217fd9ba7867259a170d5902f41a45 Mon Sep 17 00:00:00 2001
From: Jiri Olsa <jolsa@kernel.org>
Date: Mon, 16 Oct 2023 16:59:09 +0000
Subject: [PATCH] tetragon: Add security override example

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
---
 examples/tracingpolicy/override-security.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 examples/tracingpolicy/override-security.yaml

diff --git a/examples/tracingpolicy/override-security.yaml b/examples/tracingpolicy/override-security.yaml
new file mode 100644
index 00000000000..2a84efe071b
--- /dev/null
+++ b/examples/tracingpolicy/override-security.yaml
@@ -0,0 +1,16 @@
+apiVersion: cilium.io/v1alpha1
+kind: TracingPolicy
+metadata:
+  name: "syswritefollowfdpsswd"
+spec:
+  kprobes:
+  - call: "security_inode_mkdir"
+    syscall: false
+    selectors:
+    - matchBinaries:
+      - operator: "In"
+        values:
+        - "/usr/bin/bash"
+    - matchActions:
+      - action: Override
+        argError: -1