diff --git a/roles/rke2/templates/manifests/deploy-tetragon.j2 b/roles/rke2/templates/manifests/deploy-tetragon.j2
index f131797ae4992b9693f4aa92a9ac84ac1846c1e7..907a79870bfe918f420d528aaf46e6fa093aaa6a 100644
--- a/roles/rke2/templates/manifests/deploy-tetragon.j2
+++ b/roles/rke2/templates/manifests/deploy-tetragon.j2
@@ -12,3 +12,32 @@ spec:
   chart: tetragon
   version: {{ item.value.version | default("v0.8.0") }}
   targetNamespace: kube-system
+
+---
+apiVersion: cilium.io/v1alpha1
+kind: TracingPolicy
+metadata:
+  name: "sys-pivot-root"
+spec:
+  kprobes:
+  # __x64_sys_pivot_root(const char new root, const char put_old)
+  - call: "__x64_sys_pivot_root"
+    syscall: true
+    args:
+      - index: 0
+        type: "string"
+      - index: 1
+        type: "string"
+    selectors:
+    - matchPIDs:
+      - operator: NotIn
+        followForks: true
+        isNamespacePID: true
+        values:
+        - 1
+      - operator: NotIn
+        followForks: true
+        isNamespacePID: true
+        values:
+        - 0
+