as someone mentioned, a dedicated real or virtual term (9vx, rpi+9pi) is the right option. is there a reason this might not work for your environment?

as for system watchdog, usually an external subsystem is used. i wonder if a cpu (e.g. 9pi) dedicated to monitoring the main cpu's /proc (and perhaps /net) for "abnormal activity" (whatever that is) and killing suspicious procs could work.

On Wed Jan 28 2015 at 6:54:01 AM <lucio@proxima.alt.za> wrote:
> the reason is that each process can have up to 16mb of stack, and this is unaccounted.
> thus the stack or (seg)?brk can commit to memory that will fault when you touch it.

It's a vague recollection, but the fact that the stack is being
overcommitted rings a bell.  Thanks, Erik.

Lucio.