diff --git a/collects/racket/sandbox.rkt b/collects/racket/sandbox.rkt
index 62cfc6b27d..119a767e4a 100644
--- a/collects/racket/sandbox.rkt
+++ b/collects/racket/sandbox.rkt
@@ -876,7 +876,6 @@
  (;; create a sandbox context first
   [current-custodian user-cust]
   [current-thread-group (make-thread-group)]
-  [current-namespace (make-evaluation-namespace)]
   ;; set up the IO context
   [current-input-port
    (let ([inp (sandbox-input)])
@@ -945,7 +944,10 @@
   ;; it will not use the new namespace.
   [current-eventspace (parameterize-break #f
-                        (make-eventspace))])
+                        (make-eventspace))]
+  ;; Finally, create the namespace in the restricted environment (in
+  ;; particular, it must be created under the new code inspector)
+  [current-namespace (make-evaluation-namespace)])
 (define t (bg-run->thread (run-in-bg user-process)))
 (set! user-done-evt (handle-evt t (lambda (_) (terminate+kill! #t #t))))
 (set! user-thread t))
diff --git a/collects/tests/racket/sandbox.rktl b/collects/tests/racket/sandbox.rktl
index 4906fe5b4e..aba37edf1d 100644
--- a/collects/tests/racket/sandbox.rktl
+++ b/collects/tests/racket/sandbox.rktl
@@ -516,4 +516,16 @@
 #t))
 (test #t avoid-module-declare-name))
 
+(let ()
+  (define (try lang)
+    (define e (make-evaluator lang))
+    (e '(require ffi/unsafe))
+    (with-handlers ([exn? exn-message]) (e '(ffi-lib #f))))
+  (define r1 (try 'racket/base))
+  (define r2 (try '(begin)))
+  (test #t regexp-match?
+        #rx"access disallowed by code inspector to protected variable"
+        r1)
+  (test #t equal? r1 r2))
+
 (report-errs)
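Review bot: The context line `;; it will not use the new namespace.` immediately above the `current-eventspace` binding reads like the tail of an explanation of why the namespace used to be installed before the eventspace; now that `current-namespace` is moved after it (the removal in the first hunk of this file is the other half of that move), that earlier comment appears to argue against the new order and should be revised to say that the eventspace's thread is deliberately left with the outer namespace, or why that no longer matters. The new comment gives the code inspector as the reason for the order, but the code-inspector parameterization it depends on is not visible in this hunk, so the dependency is implicit; consider spelling it out, e.g. `;; particular, it must be created under the new code inspector, which is` / `;; installed earlier in this same parameterization — keep that order)`. The enclosing parameterization form begins before this hunk and is not fully visible.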
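Review bot: `try` yields a string only when `(ffi-lib #f)` raises; if the inspector check ever regressed and the call succeeded, `try` would return the ffi-lib value itself, and `regexp-match?` in `(test #t regexp-match? … r1)` would most likely fail with a contract error instead of a recorded mismatch, making the regression harder to read. Returning a fixed string on the success path keeps the assertion meaningful either way: `(with-handlers ([exn? exn-message]) (e '(ffi-lib #f)) "ffi-lib call succeeded")`. Note also that the regexp pins the exact error wording, so a rewording of that message elsewhere will show up here as a failure; that is acceptable for a security regression test but worth a one-line comment, e.g. `;; the protected binding must be rejected by the sandbox's code inspector`.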