<div>I'm aiming at ~100 new lines of code for daemon. Of course I'll use some batteries included with Python stdlib but they should be safe already.</div>
<div>It should be rather easy to audit them.</div></div></div></div></blockquote></div><div class="gmail_extra"><br></div>Here's my take on this: <a href="https://review.openstack.org/81798">https://review.openstack.org/81798</a></div>
<div class="gmail_extra"><br></div><div class="gmail_extra">Benchmark included showed on my machine these numbers (average over 100 iterations):</div><div class="gmail_extra"><br></div><div class="gmail_extra"><div class="gmail_extra">
<font face="courier new, monospace">Running 'ip a':</font></div><div class="gmail_extra"><font face="courier new, monospace"> ip a : 4.565ms</font></div><div class="gmail_extra">
<font face="courier new, monospace"> sudo ip a : 13.744ms</font></div><div class="gmail_extra"><font face="courier new, monospace"> sudo rootwrap conf ip a : 102.571ms</font></div>
<div class="gmail_extra"><font face="courier new, monospace"> sudo ip netns exec bench_ns ip a : 162.098ms</font></div><div class="gmail_extra"><font face="courier new, monospace"> sudo rootwrap conf ip netns exec bench_ns ip a : 268.115ms</font></div>
<div class="gmail_extra"><font face="courier new, monospace"> daemon.run('ip netns exec bench_ns ip a') : 129.876ms</font></div><div><br></div><div>So it looks like running daemon is actually faster than running "sudo".</div>