diff --git a/app/flatpak-builtins-run.c b/app/flatpak-builtins-run.c
index da489d3f..97dc026f 100644
--- a/app/flatpak-builtins-run.c
+++ b/app/flatpak-builtins-run.c
@@ -80,7 +80,11 @@ option_bind_fd_cb (const char  *option_name,
     return FALSE;
 
   if (fd < 3)
-    return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
+    {
+      /* Don't close these fds! */
+      fd = -1;
+      return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
+    }
 
   if (!flatpak_set_cloexec (fd))
     return glnx_throw_errno_prefix (error, "--bind-fd");
@@ -103,7 +107,10 @@ option_ro_bind_fd_cb (const char  *option_name,
     return FALSE;
 
   if (fd < 3)
-    return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
+    {
+      fd = -1;
+      return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
+    }
 
   if (!flatpak_set_cloexec (fd))
     return glnx_throw_errno_prefix (error, "--ro-bind-fd");
@@ -126,7 +133,10 @@ opt_instance_id_fd_cb (const char  *option_name,
     return FALSE;
 
   if (fd < 3)
-    return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
+    {
+      fd = -1;
+      return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
+    }
 
   if (!flatpak_set_cloexec (fd))
     return glnx_throw_errno_prefix (error, "--instance-id-fd");
@@ -148,7 +158,10 @@ opt_app_fd_cb (const char  *option_name,
     return FALSE;
 
   if (fd < 3)
-    return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
+    {
+      fd = -1;
+      return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
+    }
 
   if (!flatpak_set_cloexec (fd))
     return glnx_throw_errno_prefix (error, "--app-fd");
@@ -170,7 +183,10 @@ opt_usr_fd_cb (const char  *option_name,
     return FALSE;
 
   if (fd < 3)
-    return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
+    {
+      fd = -1;
+      return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
+    }
 
   if (!flatpak_set_cloexec (fd))
     return glnx_throw_errno_prefix (error, "--usr-fd");
diff --git a/common/flatpak-context.c b/common/flatpak-context.c
index c2656191..96411b25 100644
--- a/common/flatpak-context.c
+++ b/common/flatpak-context.c
@@ -2439,7 +2439,11 @@ option_env_fd_cb (const gchar *option_name,
     return FALSE;
 
   if (fd < 3)
-    return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
+    {
+      /* Don't close these fds! */
+      fd = -1;
+      return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
+    }
 
   /* This is not strictly necessary, because we're going to close it after
    * parsing the environment block, but let's be consistent with other fd