diff --git a/neutron/privileged/__init__.py b/neutron/privileged/__init__.py
index f4fc471ede6..f1129a2316b 100644
--- a/neutron/privileged/__init__.py
+++ b/neutron/privileged/__init__.py
@@ -46,3 +46,11 @@ ovs_vsctl_cmd = priv_context.PrivContext(
     capabilities=[caps.CAP_SYS_ADMIN,
                   caps.CAP_NET_ADMIN]
 )
+
+
+namespace_cmd = priv_context.PrivContext(
+    __name__,
+    cfg_section='privsep_namespace',
+    pypath=__name__ + '.namespace_cmd',
+    capabilities=[caps.CAP_SYS_ADMIN]
+)
diff --git a/neutron/privileged/agent/linux/ip_lib.py b/neutron/privileged/agent/linux/ip_lib.py
index 5ea055282bd..b736fe2bb3a 100644
--- a/neutron/privileged/agent/linux/ip_lib.py
+++ b/neutron/privileged/agent/linux/ip_lib.py
@@ -532,7 +532,7 @@ def dump_neigh_entries(ip_version, device, namespace, **kwargs):
     return entries
 
 
-@privileged.default.entrypoint
+@privileged.namespace_cmd.entrypoint
 def create_netns(name, **kwargs):
     """Create a network namespace.
 
@@ -553,7 +553,7 @@ def create_netns(name, **kwargs):
             raise RuntimeError(_('Error creating namespace %s' % name))
 
 
-@privileged.default.entrypoint
+@privileged.namespace_cmd.entrypoint
 def remove_netns(name, **kwargs):
     """Remove a network namespace.
 
@@ -566,7 +566,7 @@ def remove_netns(name, **kwargs):
             raise
 
 
-@privileged.default.entrypoint
+@privileged.namespace_cmd.entrypoint
 def list_netns(**kwargs):
     """List network namespaces.