diff --git a/arch/src/lib.rs b/arch/src/lib.rs
index 6cd4dde8d4..807a4dfa3d 100644
--- a/arch/src/lib.rs
+++ b/arch/src/lib.rs
@@ -142,7 +142,7 @@ pub fn generate_pci_root(devices: Vec<(Box<PciDevice + 'static>, Minijail)>,
     let mut root = PciRoot::new();
     let mut pci_irqs = Vec::new();
     for (dev_idx, (mut device, jail)) in devices.into_iter().enumerate() {
-        let mut keep_fds = Vec::new();
+        let mut keep_fds = device.keep_fds();
         syslog::push_fds(&mut keep_fds);
 
         let irqfd = EventFd::new().map_err(DeviceRegistrationError::EventFdCreate)?;
diff --git a/devices/src/pci/pci_device.rs b/devices/src/pci/pci_device.rs
index 7803a550b2..3e02db34a4 100644
--- a/devices/src/pci/pci_device.rs
+++ b/devices/src/pci/pci_device.rs
@@ -5,6 +5,7 @@
 use byteorder::{ByteOrder, LittleEndian};
 
 use std;
+use std::os::unix::io::RawFd;
 
 use pci::pci_configuration::PciConfiguration;
 use pci::PciInterruptPin;
@@ -23,6 +24,9 @@ pub enum Error {
 pub type Result<T> = std::result::Result<T, Error>;
 
 pub trait PciDevice: Send {
+    /// A vector of device-specific file descriptors that must be kept open
+    /// after jailing. Must be called before the process is jailed.
+    fn keep_fds(&self) -> Vec<RawFd>;
     /// Assign a legacy PCI IRQ to this device.
     fn assign_irq(&mut self, _irq_evt: EventFd, _irq_num: u32, _irq_pin: PciInterruptPin) {}
     /// Allocates the needed IO BAR space using the `allocate` function which takes a size and
@@ -80,6 +84,9 @@ impl<T: PciDevice> BusDevice for T {
 }
 
 impl<T: PciDevice + ?Sized> PciDevice for Box<T> {
+    fn keep_fds(&self) -> Vec<RawFd> {
+        (**self).keep_fds()
+    }
     fn assign_irq(&mut self, irq_evt: EventFd, irq_num: u32, irq_pin: PciInterruptPin) {
      (**self).assign_irq(irq_evt, irq_num, irq_pin)
     }
diff --git a/devices/src/pci/pci_root.rs b/devices/src/pci/pci_root.rs
index 34e4f2a0d6..c500f717a2 100644
--- a/devices/src/pci/pci_root.rs
+++ b/devices/src/pci/pci_root.rs
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+use std::os::unix::io::RawFd;
 use std::sync::{Arc, Mutex};
 
 use byteorder::{ByteOrder, LittleEndian};
@@ -19,6 +20,9 @@ struct PciRootConfiguration {
 }
 
 impl PciDevice for PciRootConfiguration {
+    fn keep_fds(&self) -> Vec<RawFd> {
+        Vec::new()
+    }
     fn config_registers(&self) -> &PciConfiguration {
         &self.config
     }