diff --git a/bubblewrap.c b/bubblewrap.c
index f8728c7e..a176f533 100644
--- a/bubblewrap.c
+++ b/bubblewrap.c
@@ -3143,12 +3143,12 @@ main (int argc,
 if (pid != 0)
 {
 /* Parent, outside sandbox, privileged (initially) */
+ cleanup_fdp (&intermediate_pids_sockets[PIPE_WRITE_END]);
- if (intermediate_pids_sockets[0] != -1)
+ if (intermediate_pids_sockets[PIPE_READ_END] != -1)
 {
- close (intermediate_pids_sockets[1]);
- pid = read_pid_from_socket (intermediate_pids_sockets[0]);
- close (intermediate_pids_sockets[0]);
+ pid = read_pid_from_socket (intermediate_pids_sockets[PIPE_READ_END]);
+ cleanup_fdp (&intermediate_pids_sockets[PIPE_READ_END]);
 }
 /* Discover namespace ids before we drop privileges */
@@ -3212,6 +3212,8 @@ main (int argc,
 return monitor_child (event_fd, pid, setup_finished_pipe[0]);
 }
+ cleanup_fdp (&intermediate_pids_sockets[PIPE_READ_END]);
+
 if (opt_pidns_fd > 0)
 {
 if (setns (opt_pidns_fd, CLONE_NEWPID) != 0)
@@ -3231,10 +3233,8 @@ main (int argc,
 }
 /* We're back, either in a child or grandchild, so message the actual pid to the monitor */
-
- close (intermediate_pids_sockets[0]);
- send_pid_on_socket (intermediate_pids_sockets[1]);
- close (intermediate_pids_sockets[1]);
+ send_pid_on_socket (intermediate_pids_sockets[PIPE_WRITE_END]);
+ cleanup_fdp (&intermediate_pids_sockets[PIPE_WRITE_END]);
 }
 /* Child, in sandbox, privileged in the parent or in the user namespace (if --unshare-user).
diff --git a/utils.c b/utils.c
index 51875aea..4995edda 100644
--- a/utils.c
+++ b/utils.c
@@ -782,6 +782,12 @@ send_pid_on_socket (int sockfd)
 die_with_error ("Can't send pid");
 }
+/*
+ * Create a socket pair such that if one process calls
+ * send_pid_on_socket(sockets[PIPE_WRITE_END]),
+ * another process will be able to call
+ * read_pid_from_socket(sockets[PIPE_READ_END]).
+ */
 void
 create_pid_socketpair (int sockets[2])
 {
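Review bot: In the parent branch of bubblewrap.c (hunk at -3143), the new `cleanup_fdp (&intermediate_pids_sockets[PIPE_WRITE_END]);` sits before the `!= -1` test, so it is also reached when the socket pair was never created, whereas the old `close()` calls were inside that test. That is only safe if `cleanup_fdp` ignores a -1 descriptor, and its definition is not part of this diff, so it should be confirmed. The ordering is also load-bearing: the parent must drop its own write end before `read_pid_from_socket()`, otherwise a child that dies without sending would presumably leave the still-privileged parent blocked instead of seeing end-of-file. I would record both on the new line, for example `/* Drop our write end first (no-op if -1) so the read below sees EOF if the child dies */`. `main` starts and ends outside this hunk.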
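Review bot: In the child path of bubblewrap.c (hunks at -3212 and -3231) the read end is now released unconditionally, but the write end is still released only inside the `if (opt_pidns_fd > 0)` block, while the parent decides whether to wait on `intermediate_pids_sockets[PIPE_READ_END] != -1`. If the pair can exist while `opt_pidns_fd` is 0 (the creation site is outside this diff, so this is an assumption to check), the child never sends a pid and keeps the write end open, and the parent's read would not return until that descriptor is closed. `SOCK_CLOEXEC` on the pair keeps it out of the exec'd program, but not out of the processes bwrap itself keeps running. Consider testing the same condition on both sides, or adding `cleanup_fdp (&intermediate_pids_sockets[PIPE_WRITE_END]);` after the block's closing brace. The enclosing block and `main` extend beyond both hunks.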
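Review bot: The new comment on `create_pid_socketpair` in utils.c (hunk at -782) states the direction but not why it is fixed. A socket pair is symmetric, and the only thing that makes one end the read end is that `SO_PASSCRED` is enabled on `sockets[PIPE_READ_END]` alone, as the second utils.c hunk shows. I would add that to the comment, together with the fact that both descriptors are created `SOCK_SEQPACKET | SOCK_CLOEXEC` and that the function exits through `die_with_error` rather than returning a failure. Because the `PIPE_*` names come from pipe handling, a reader may otherwise assume the kernel enforces the direction; one possible line is ` * SO_PASSCRED is set on the read end only, so the two ends are not interchangeable.`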
@@ -790,7 +796,7 @@ create_pid_socketpair (int sockets[2])
 if (socketpair (AF_UNIX, SOCK_SEQPACKET | SOCK_CLOEXEC, 0, sockets) != 0)
 die_with_error ("Can't create intermediate pids socket");
- if (setsockopt (sockets[0], SOL_SOCKET, SO_PASSCRED, &enable, sizeof (enable)) < 0)
+ if (setsockopt (sockets[PIPE_READ_END], SOL_SOCKET, SO_PASSCRED, &enable, sizeof (enable)) < 0)
 die_with_error ("Can't set SO_PASSCRED");
 }