ifupdown-ng / ifupdown-ng

flexible ifup/ifdown implementation

[RFC]: Implementing network namespace creation / management

fluvf opened this issue · comments

This needs to be handled at ifupdown level, as processes / executors need to change to / be executed in differing namespaces.
That's hard to do at executor level, and would bloat the shell scripts needlessly.

Below is the proposed syntax for how this could work:

interfaces file:

*netns* _object_
	Begins a new declaration for _object_ network namespace.
	Designates a network namespace _object_, that should be
	managed and created / destroyed by the system as necessary.

	All following interface declaration blocks will be managed
	from within this namespace.
	
	_object_ can be the name of a new, to-be-created namespace,
	an existing namespace created using iproute2, or 1 meaning
	the init process' namespace.
	
	All interface declaration blocks not within a netns block
	are implied to be within init process' namespace

These could also be marked auto.
When none top level,

auto 1
netns 1

is implied.
I'm not 100% sure how to handle iface - netns name conflicts within auto.
One solution is to not allow auto NETNS, and reserve that functionality only for the above case.
Or, when there's ambiguity, look for the next netns or iface keyword, and decide based on that.

Other keywords that could be assigned to a netns object:

  • alias
    • Might only be valuable for the init namespace, would allow "renaming" it
  • down, up, pre-down etc.
    • See ifup / ifdown below
  • Something else?

I also considered making this a keyword to be used within loopback interfaces.
Maybe that could lead to a simpler implementation, or there's some compatibility consideration I don't know about.
A new top level keyword allows the program to make more assumptions about how to handle the namespace.
Maybe ifup -n netns (no interfaces are touched) is valuable?

ifparse / ifquery:

-n, --netns NETNS
	Only match interfaces that are configured as
	part of _NETNS_.

ifup / ifdown:

-n --netns NETNS
	Only match interfaces that are configured as
	part of _NETNS_.
	A new network namespace will only be created
	if at least one interface matched.
	----------------------------------
	An existing network namespace will only be
	destroyed if at least one interface matched.

Order of operations:

ifup [-n NETNS] -a:

  • If no -n NETNS given, process each marked auto
  • Create the namespace if necessary
    • This should work identical to ip netns add
  • Move process to within the network namespace
  • create phase for any auto interfaces
  • pre-up CMD defined for the netns block
  • pre-up phase for any auto interfaces
  • up CMD defined for the netns block
  • up phase for any auto interfaces
  • post-up CMD defined for the netns block
  • post-up phase for any auto interfaces

ifup [-n NETNS] INTERFACES:

  • If no -n NETNS given, process each required in the configured order
  • Same as above, only configure given interfaces

ifdown [-n NETNS] -a:

  • If no -n NETNS given, process each marked auto
  • Move process to within the network namespace
  • pre-down CMD defined for the netns block
  • pre-down phase for any auto interfaces
  • down CMD defined for the netns block
  • down phase for any auto interfaces
  • post-down CMD defined for the netns block
  • post-down phase for any auto interfaces
  • destroy phase for any auto interfaces
  • Destroy the namespace if all managed interfaces are down
    • This should work identical to ip netns delete

ifdown [-n NETNS] INTERFACES:

  • If no -n NETNS given, process required in the configured order
  • Same as above, only configure given interfaces

As up CMD, pre-down CMD, etc. for interfaces are run after the executor phases, I think running them before for the netns can offer valuable functionality.

ifstate file:
There should probably be a field denoting the netns of the interface.
As multiple network namespaces allow interfaces with identical names, the above would help to manage that.
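
A sketch of how the proposed netns keyword could scope the iface blocks that follow it, and why interface state needs a (netns, name) key once two namespaces hold an interface of the same name. This is an added illustration, not ifupdown-ng code and not part of the original issue; the sample config, the namespace name `blue` and the function names are assumptions, and the syntax is only the one proposed above.

```c
#include <stdio.h>
#include <string.h>
#define NAME_LEN 32
struct iface_entry { char netns[NAME_LEN]; char name[NAME_LEN]; };

/* Constructed sample in the proposed syntax; "blue" is a made-up name. */
static const char *sample_config =
    "auto eth0\niface eth0\n"               /* no netns yet: implied netns 1 */
    "netns blue\niface eth0\niface veth1\n"
    "netns 1\niface lo\n";                  /* back to the init namespace */

/* Each iface inherits the most recent netns keyword, starting from the
 * implied "1" (init process' namespace). Returns the number parsed. */
int parse_netns_config(const char *cfg, struct iface_entry *out, int max)
{
    char current[NAME_LEN] = "1", kw[NAME_LEN], arg[NAME_LEN], line[128];
    int n = 0;
    while (*cfg) {
        size_t len = strcspn(cfg, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, cfg);
        if (sscanf(line, "%31s %31s", kw, arg) == 2) {
            if (strcmp(kw, "netns") == 0) {
                strcpy(current, arg);
            } else if (strcmp(kw, "iface") == 0 && n < max) {
                strcpy(out[n].netns, current);
                strcpy(out[n++].name, arg);
            }
        }
        cfg += len + (cfg[len] == '\n');
    }
    return n;
}

/* State lookup keyed on (netns, name); returns index or -1. */
int find_iface(const struct iface_entry *e, int n, const char *netns, const char *name)
{
    for (int i = 0; i < n; i++)
        if (!strcmp(e[i].netns, netns) && !strcmp(e[i].name, name))
            return i;
    return -1;
}

int main(void)
{
    struct iface_entry e[8];
    int n = parse_netns_config(sample_config, e, 8);
    for (int i = 0; i < n; i++)
        printf("%s/%s\n", e[i].netns, e[i].name);
    return 0;
}
```

Keyed on the name alone, the two `eth0` entries would share one state record, so bringing one down could mark the other as down too.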

@fluvf: Like I have specified in the PR:

Nice improvements!