/docs/use-cases/security-profiles/ Recent content in Security Profiles on Tetragon - eBPF-based Security Observability and Runtime Enforcement Hugo en /docs/use-cases/security-profiles/record-linux-capabilities/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/use-cases/security-profiles/record-linux-capabilities/ When the kernel needs to perform a privileged operation on behalf of a process, it checks the Capabilities of the process and issues a verdict to allow or deny the operation. Tetragon is able to record these checks performed by the kernel. This can be used to answer the following questions: What is the capabilities profile of pods or containters running in the cluster? What capabilities to add or remove when configuring a security context for a pod or container?