as someone mentioned, a dedicated real or virtual term (9vx, rpi+9pi) is
the right option. is there a reason this might not work for your
environment?

as for system watchdog, usually an external subsystem is used. i wonder if
a cpu (e.g. 9pi) dedicated to monitoring the main cpu's /proc (and perhaps
/net) for "abnormal activity" (whatever that is) and killing suspicious
procs could work.

On Wed Jan 28 2015 at 6:54:01 AM <lucio@proxima.alt.za> wrote:

> > the reason is that each process can have up to 16mb of stack, and this
> is unaccounted.
> > thus the stack or (seg)?brk can commit to memory that will fault when
> you touch it.
>
> It's a vague recollection, but the fact that the stack is being
> overcommitted rings a bell.  Thanks, Erik.
>
> Lucio.
>
>
>