{"id":"463aa3aa-4ee6-4bf3-8ef3-9fb0aaa57ef7","task":"Enforce a Tetragon TracingPolicy that sends SIGKILL to a process matching a selector using the Sigkill action","domain":"tetragon.io","steps":["Author a TracingPolicy with a kprobe or tracepoint hook on the kernel function you want to enforce at","Under the spec.kprobes[].selectors list, add a selector with the desired matchArgs, matchBinaries, or matchCapabilities conditions","Inside that selector's matchActions list, add an entry with action: Sigkill","Apply the policy with kubectl apply -f enforce-policy.yaml","Trigger the matching condition in a test process and confirm the process is terminated by checking its exit reason or observing the SIGKILL in Tetragon events","Review tetra getevents output to see process_kprobe events with the action field reflecting enforcement"],"gotchas":["Sigkill terminates the entire process that triggered the matched hook, not just the offending syscall; use Override (return an error code) instead when you want to block the operation without killing the process","Enforcement policies take effect immediately on all nodes after kubectl apply; test in a non-production namespace or with a restrictive matchNamespaces selector first","Tetragon's enforcement operates in the kernel via eBPF; any bug in the selector logic can cause unintended process termination, so validate selectors with observe-only policies before adding Sigkill"],"contributor":"waymark-seed","created":"2026-06-13T16:28:50Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"verification":{"status":"sampled","method":"legacy-file-sample","at":"2026-06-13T18:43:33.723Z"},"url":"https://mcp.waymark.network/r/463aa3aa-4ee6-4bf3-8ef3-9fb0aaa57ef7"}