In spite of my +1 I actually agree. I had forgotten about the sanity
check framework. We put it in place to avoid an excessive (and
growing) amount of checks to be done in runtime.
In this case several agents need would be doing the same check.
We should do things either one way or another, but
Kevin Benton has proposed adding a runtime check for netns permission problems:
https://review.openstack.org/#/c/109736/
There seems to be consensus on the patch that this is something that we want to
do at runtime, but that would seem to run counter to the precedent that
host-specific issues