4 files changed, 42 insertions, 4 deletions

diff --git a/src/nxt_conf.c b/src/nxt_conf.c
index 59eddd77..43820d2a 100644
--- a/src/nxt_conf.c
+++ b/src/nxt_conf.c
@@ -228,6 +228,13 @@ nxt_conf_get_integer(nxt_conf_value_t *value)
 }
 
 
+uint8_t
+nxt_conf_get_boolean(nxt_conf_value_t *value)
+{
+    return value->u.boolean;
+}
+
+
 nxt_uint_t
 nxt_conf_object_members_count(nxt_conf_value_t *value)
 {
diff --git a/src/nxt_conf.h b/src/nxt_conf.h
index 725a6c95..66201fee 100644
--- a/src/nxt_conf.h
+++ b/src/nxt_conf.h
@@ -115,6 +115,7 @@ NXT_EXPORT void nxt_conf_set_string(nxt_conf_value_t *value, nxt_str_t *str);
 NXT_EXPORT nxt_int_t nxt_conf_set_string_dup(nxt_conf_value_t *value,
     nxt_mp_t *mp, nxt_str_t *str);
 NXT_EXPORT int64_t nxt_conf_get_integer(nxt_conf_value_t *value);
+NXT_EXPORT uint8_t nxt_conf_get_boolean(nxt_conf_value_t *value);
 
 // FIXME reimplement and reorder functions below
 nxt_uint_t nxt_conf_object_members_count(nxt_conf_value_t *value);
diff --git a/src/nxt_main_process.c b/src/nxt_main_process.c
index 84f6e2a2..4e55dcfa 100644
--- a/src/nxt_main_process.c
+++ b/src/nxt_main_process.c
@@ -1600,11 +1600,9 @@ nxt_init_set_ns(nxt_task_t *task, nxt_process_init_t *init,
             return NXT_ERROR;
         }
 
-        if (nxt_conf_get_integer(value) == 0) {
-            continue;  /* process shares everything by default */
+        if (nxt_conf_get_boolean(value)) {
+            init->isolation.clone.flags |= flag;
         }
-
-        init->isolation.clone.flags |= flag;
     }
 
     return NXT_OK;
diff --git a/test/test_go_isolation.py b/test/test_go_isolation.py
index 780c2b03..ee5ddf47 100644
--- a/test/test_go_isolation.py
+++ b/test/test_go_isolation.py
@@ -130,6 +130,38 @@ class TestGoIsolation(TestApplicationGo):
 
         self.assertEqual(obj['PID'], 1, 'pid of container is 1')
 
+    def test_isolation_namespace_false(self):
+        self.load('ns_inspect')
+        allns = list(self.available['features']['isolation'].keys())
+
+        remove_list = ['unprivileged_userns_clone', 'ipc', 'cgroup']
+        allns = [ns for ns in allns if ns not in remove_list]
+
+        namespaces = {}
+        for ns in allns:
+            if ns == 'user':
+                namespaces['credential'] = False
+            elif ns == 'mnt':
+                namespaces['mount'] = False
+            elif ns == 'net':
+                namespaces['network'] = False
+            elif ns == 'uts':
+                namespaces['uname'] = False
+            else:
+                namespaces[ns] = False
+
+        self.conf_isolation({"namespaces": namespaces})
+
+        obj = self.isolation.parsejson(self.get()['body'])
+
+        for ns in allns:
+            if ns.upper() in obj['NS']:
+                self.assertEqual(
+                    obj['NS'][ns.upper()],
+                    self.available['features']['isolation'][ns],
+                    '%s match' % ns,
+                )
+
 
 if __name__ == '__main__':
     TestGoIsolation.main()