/docs/concepts/enforcement/ Recent content in Enforcement on Tetragon - eBPF-based Security Observability and Runtime Enforcement Hugo en /docs/concepts/enforcement/persistent-enforcement/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/concepts/enforcement/persistent-enforcement/ This page shows you how to configure persistent enforcement. Concept The idea of persistent enforcement is to allow the enforcement policy to continue running even when its tetragon process is gone. This is configured with the --keep-sensors-on-exit option. When the tetragon process exits, the policy stays active because it’s pinned in sysfs bpf tree under /sys/fs/bpf/tetragon directory. When a new tetragon process is started, it performs the following actions: checks if there’s existing /sys/fs/bpf/tetragon and moves it to /sys/fs/bpf/tetragon_old directory; sets up configured policy; removes /sys/fs/bpf/tetragon_old directory.