diff --git a/examples/policylibrary/privileges/privileges-raise.yaml b/examples/policylibrary/privileges/privileges-raise.yaml
index 10bbb6930a3..aac7eea6e82 100644
--- a/examples/policylibrary/privileges/privileges-raise.yaml
+++ b/examples/policylibrary/privileges/privileges-raise.yaml
@@ -3,7 +3,9 @@
 #
 # 1. Unprivileged creating user namespace to gain new capabilities.
 #
-# 2. Change their uids/gids to user root.
+# 2. Setting or changing capabilities using the capset system call.
+#
+# 3. Change their uids/gids to user root.
 #
 # __sys_setuid
 # - __x64_sys_setuid
@@ -62,6 +64,49 @@ metadata:
 description: "Detects privileges raising operations"
 spec:
 kprobes:
+ - call: "security_capset"
+ syscall: false
+ return: true
+ message: "Process changed its capabilities using capset system call"
+ args:
+ - index: 0
+ type: "nop"
+ - index: 1
+ type: "cred"
+ - index: 2
+ type: "cap_effective"
+ - index: 3
+ type: "cap_inheritable"
+ - index: 4
+ type: "cap_permitted"
+ returnArg:
+ index: 0
+ type: "int"
+ selectors:
+ - matchArgs:
+ - index: 2
+ operator: "NotEqual"
+ values:
+ - "0"
+ matchActions:
+ - action: Post
+ rateLimit: "1m" # Rate limit messages to 1min - matchArgs:
+ - index: 3
+ operator: "NotEqual"
+ values:
+ - "0"
+ matchActions:
+ - action: Post
+ rateLimit: "1m" # Rate limit messages to 1min - matchArgs:
+ - index: 4
+ operator: "NotEqual"
+ values:
+ - "0"
+ matchActions:
+ - action: Post
+ rateLimit: "1m" # Rate limit messages to 1min
 - call: "create_user_ns"
 syscall: false
 return: true
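Review bot: The three `security_capset` selectors post whenever the requested effective, inheritable or permitted set is `NotEqual` `"0"`, so they fire on any non-empty capset — a process dropping capabilities while keeping some matches just as well as a raise, and a call the LSM rejected still posts "Process changed its capabilities", because `returnArg` is declared but no selector matches on it. Adding a `matchReturnArgs` clause to each selector (sketched below for the index 2 selector; the index 3 and 4 selectors need the same) at least restricts the Post to calls that returned 0; whether a selector can compare the new sets against the old cred captured in arg 1 I cannot tell from this hunk, so the raise-versus-drop distinction may have to happen in the consumer of the events. With `rateLimit: "1m"` on every Post, a second capset within a minute of a match is not reported, which is worth stating in the header comment next to the new item 2, e.g. `# Note: capset events are rate limited to one per 1m, see rateLimit below.` If each matching selector posts independently, one capset with all three sets non-empty also yields up to three events for the same call; the kprobes list continues past the end of this hunk.

```yaml
    - matchArgs:
      # … unchanged: index 2 NotEqual "0" …
      matchReturnArgs:
      - index: 0
        operator: "Equal"
        values:
        - "0"
      matchActions:
      # … unchanged: Post with rateLimit …
```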