diff --git a/Cargo.toml b/Cargo.toml
index fed844c6..e982e8fd 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -31,7 +31,7 @@ crossbeam = "0.8.1"
 futures = "0.3.19"
 libc = "0.2.112"
 log = {version = "0.4.2", features=["kv_unstable"]}
-nix = "0.29"
+nix = "0.30"
 oci-spec = "0.7"
 os_pipe = "1.1"
 prctl = "1.0.0"
diff --git a/crates/runc/src/asynchronous/io.rs b/crates/runc/src/asynchronous/io.rs
index 808efb74..14110cd4 100644
--- a/crates/runc/src/asynchronous/io.rs
+++ b/crates/runc/src/asynchronous/io.rs
@@ -14,7 +14,7 @@
    limitations under the License.
 */
 
-use std::{fmt::Debug, io::Result, os::unix::io::AsRawFd, process::Stdio};
+use std::{fmt::Debug, io::Result, process::Stdio};
 
 use async_trait::async_trait;
 use nix::unistd::{Gid, Uid};
@@ -67,10 +67,10 @@ impl PipedIo {
         let gid = Some(Gid::from_raw(gid));
         if stdin {
             let rd = pipe.rd.try_clone()?;
-            nix::unistd::fchown(rd.as_raw_fd(), uid, gid)?;
+            nix::unistd::fchown(rd, uid, gid)?;
         } else {
             let wr = pipe.wr.try_clone()?;
-            nix::unistd::fchown(wr.as_raw_fd(), uid, gid)?;
+            nix::unistd::fchown(wr, uid, gid)?;
         }
         Ok(Some(pipe))
     }
diff --git a/crates/runc/src/synchronous/io.rs b/crates/runc/src/synchronous/io.rs
index 60f2608f..1cc3a4a6 100644
--- a/crates/runc/src/synchronous/io.rs
+++ b/crates/runc/src/synchronous/io.rs
@@ -18,7 +18,7 @@ use std::{
     fmt::Debug,
     fs::{File, OpenOptions},
     io::Result,
-    os::unix::{fs::OpenOptionsExt, io::AsRawFd},
+    os::unix::fs::OpenOptionsExt,
     process::Stdio,
     sync::Mutex,
 };
@@ -72,10 +72,10 @@ impl PipedIo {
         let gid = Some(Gid::from_raw(gid));
         if stdin {
             let rd = pipe.rd.try_clone()?;
-            nix::unistd::fchown(rd.as_raw_fd(), uid, gid)?;
+            nix::unistd::fchown(rd, uid, gid)?;
         } else {
             let wr = pipe.wr.try_clone()?;
-            nix::unistd::fchown(wr.as_raw_fd(), uid, gid)?;
+            nix::unistd::fchown(wr, uid, gid)?;
         }
         Ok(Some(pipe))
     }
diff --git a/crates/shim/src/util.rs b/crates/shim/src/util.rs
index 3d02bddf..7e087c41 100644
--- a/crates/shim/src/util.rs
+++ b/crates/shim/src/util.rs
@@ -120,8 +120,12 @@ pub fn connect(address: impl AsRef<str>) -> Result<RawFd> {
     // so there is a chance of leak if fork + exec happens in between of these calls.
     #[cfg(not(target_os = "linux"))]
     {
+        use std::os::fd::BorrowedFd;
+
         use nix::fcntl::{fcntl, FcntlArg, FdFlag};
-        fcntl(fd, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)).map_err(|e| {
+        // SAFETY: fd is a valid file descriptor that we just created
+        let borrowed_fd = unsafe { BorrowedFd::borrow_raw(fd) };
+        fcntl(borrowed_fd, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)).map_err(|e| {
             let _ = close(fd);
             e
         })?;