as someone mentioned, a dedicated real or virtual term (9vx, rpi+9pi) is the right option. is there a reason this might not work for your environment?<br><br><div>as for system watchdog, usually an external subsystem is used. i wonder if a cpu (e.g. 9pi) dedicated to monitoring the main cpu&#39;s /proc (and perhaps /net) for &quot;abnormal activity&quot; (whatever that is) and killing suspicious procs could work.</div><br><div class="gmail_quote">On Wed Jan 28 2015 at 6:54:01 AM &lt;<a href="mailto:lucio@proxima.alt.za">lucio@proxima.alt.za</a>&gt; wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">&gt; the reason is that each process can have up to 16mb of stack, and this is unaccounted.<br>
&gt; thus the stack or (seg)?brk can commit to memory that will fault when you touch it.<br>
<br>
It&#39;s a vague recollection, but the fact that the stack is being<br>
overcommitted rings a bell.  Thanks, Erik.<br>
<br>
Lucio.<br>
<br>
<br>
</blockquote></div>