Create a TracingPolicy with a kprobe on the commit_creds kernel function, which is called whenever a process's credentials are updated
Declare the cred struct as the first argument so Tetragon can extract UID, GID, and capability fields from the new credentials
Add a matchArgs or matchCaps selector that triggers when the new UID equals 0 or when capabilities such as CAP_SYS_ADMIN are gained
Optionally add matchBinaries to flag only unexpected binaries performing the privilege change
Apply the policy and simulate a privilege escalation (e.g., via a setuid binary in a test container); confirm Tetragon emits a process_kprobe event
Forward events to a SIEM via tetra getevents --output json for correlation and alerting
Known gotchas
commit_creds is called frequently by legitimate processes for low-privilege credential adjustments; overly broad selectors without UID or capability filters will generate very high event volumes
Kernel struct field layouts for cred vary across kernel versions; rely on Tetragon's built-in cred argument type rather than manual byte offsets
Enforcement (the Sigkill action) on commit_creds fires before the credential change completes, effectively blocking the escalation at the kernel level, but it must be tested carefully to avoid breaking legitimate setuid flows
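The event filtering implied by the SIEM-forwarding step and by the volume gotcha above, as an added example that is not part of the original route: it reads tetra getevents --output json lines, keeps only commit_creds kprobe events where a non-root process gains euid 0 or a watched capability, and drops expected setuid helpers. The event shape (process_kprobe, process_credentials_arg, cap/caps.effective) mirrors Tetragon's JSON export but is an assumption here, and the sample lines and allowlist are constructed.

```python
import json

# Constructed allowlist of binaries expected to raise privileges (the matchBinaries idea, applied post hoc).
EXPECTED_BINARIES = {"/usr/bin/sudo", "/usr/bin/su", "/usr/bin/passwd"}
WATCHED_CAPS = {"CAP_SYS_ADMIN"}

def classify(event, expected=EXPECTED_BINARIES):
    """Return an alert dict for a suspicious commit_creds event, else None."""
    kp = event.get("process_kprobe") if isinstance(event, dict) else None
    if not kp or kp.get("function_name") != "commit_creds":
        return None
    new = next((a["process_credentials_arg"] for a in kp.get("args", [])
                if "process_credentials_arg" in a), None)
    if new is None:
        return None
    proc = kp.get("process", {})
    # Assumption: the JSON export omits zero-valued fields, so a missing uid/euid means 0.
    old_uid = proc.get("uid", 0)
    new_euid = new.get("euid", new.get("uid", 0))
    old_caps = set(proc.get("cap", {}).get("effective", []))
    new_caps = set(new.get("caps", {}).get("effective", []))
    reasons = []
    if old_uid != 0 and new_euid == 0:
        reasons.append(f"uid {old_uid} -> euid 0")
    gained = (new_caps - old_caps) & WATCHED_CAPS
    if gained:
        reasons.append("gained " + ",".join(sorted(gained)))
    binary = proc.get("binary", "")
    if not reasons or binary in expected:
        return None  # privilege drop, no change, or an expected setuid helper: keeps volume down
    return {"binary": binary, "pid": proc.get("pid"), "reasons": reasons}
def scan(lines, expected=EXPECTED_BINARIES):
    """Run classify over tetra getevents --output json lines, skipping unparsable ones."""
    alerts = []
    for line in lines:
        try:
            alert = classify(json.loads(line), expected)
        except json.JSONDecodeError:
            continue
        if alert:
            alerts.append(alert)
    return alerts
# Constructed sample events; the shape follows Tetragon's JSON export but field names are an assumption.
SAMPLE_LINES = [
    '{"process_kprobe":{"process":{"pid":4101,"uid":1000,"binary":"/usr/bin/sudo"},"function_name":"commit_creds","args":[{"process_credentials_arg":{"caps":{"effective":["CAP_SYS_ADMIN"]}}}]}}',
    '{"process_kprobe":{"process":{"pid":4177,"uid":1000,"binary":"/tmp/test-setuid","cap":{"effective":[]}},"function_name":"commit_creds","args":[{"process_credentials_arg":{"caps":{"effective":["CAP_SYS_ADMIN","CAP_SETUID"]}}}]}}',
    '{"process_kprobe":{"process":{"pid":812,"binary":"/usr/sbin/nginx"},"function_name":"commit_creds","args":[{"process_credentials_arg":{"uid":33,"euid":33}}]}}',
    '{"process_exec":{"process":{"pid":4200,"uid":1000,"binary":"/bin/ls"}}}',
]
```

Only the unexpected test binary produces an alert; the sudo run, the nginx privilege drop and the exec event are filtered out, which is the volume reduction the gotcha above asks for.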