Comment 12 for bug 1403455

Thanks @assaf, let's let others pick it up.

After much thinking (and quite little doing) I believe the option "2" I proposed is a rather reasonable one:

2) Before cleaning a namespace blindly in the end, identify any network service in the namespace (via netstat), kill those processes, so they aren't orphaned, and then, kill the namespace.

Any process should be safely killed that way, and if it's not, we can complicate our lifes and code with "1":
1) Use stevedore HookManager to let out-of-tree repos register netns prefixes declaration, and netns cleaners,
    so every piece of code (in-tree or out-of-tree) declare which netns prefixes they use, and provide a netns cleanup
    hook to be called.

or something of that sort.