diff --git a/projects/orbit/Dockerfile b/projects/orbit/Dockerfile
index e4f01c81c..4d408fcaf 100644
--- a/projects/orbit/Dockerfile
+++ b/projects/orbit/Dockerfile
@@ -23,6 +23,7 @@ RUN mkdir -p $SRC/orbit && tar -xzf $SRC/main.tar.gz \
 -C $SRC/orbit/ --strip-components 1; rm -f $SRC/main.tar.gz
 WORKDIR $SRC/orbit
 COPY build.sh $SRC/
+COPY default.options $SRC/
 # That's a hack. The service needs to have a more recent kernel than what the
 # container provides. But this code is not going to be called from the fuzz-
diff --git a/projects/orbit/build.sh b/projects/orbit/build.sh
index a90185fd6..6bedde4d6 100755
--- a/projects/orbit/build.sh
+++ b/projects/orbit/build.sh
@@ -49,6 +49,8 @@ function copy_fuzzer {
 cp -v "$1" "$OUT/"
 patchelf --set-rpath '$ORIGIN/lib' "$OUT/$(basename "$1")"
+ cp -v "$SRC/default.options" "$OUT/$(basename "$1").options"
+
 ldd "$1" | grep '=>' | cut -d ' ' -f 3 | while read lib; do
 if [[ -f $lib ]]; then
 cp -v "$lib" "$OUT/lib/"
diff --git a/projects/orbit/default.options b/projects/orbit/default.options
new file mode 100644
index 000000000..1c815b33f
--- /dev/null
+++ b/projects/orbit/default.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+close_fd_mask=1
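Review bot: The new `COPY default.options $SRC/` adds a separate instruction for a file that always travels with build.sh. The two can share one line, `COPY build.sh default.options $SRC/`, which keeps the build inputs listed in one place. This is style only; the resulting image content is the same.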
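Review bot: The added `cp` in copy_fuzzer writes the same options file next to every fuzzer unconditionally, and nothing on the line says why. A short comment would help the next maintainer, for example `# Shared libFuzzer options for every target; see default.options.` Because the copy always runs, a target that later needs its own `.options` file would have it overwritten here, so a per-target override would need an explicit check at this point. Whether the script runs under `set -e` is not visible in this hunk; if it does not, a missing `$SRC/default.options` would leave the fuzzers without options while the build still succeeds. copy_fuzzer's body continues outside the hunk.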
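Review bot: `close_fd_mask=1` closes the target's stdout when the fuzzer starts, and the file gives no reason for choosing it. libFuzzer writes its own reports to stderr, so crash output should be unaffected, but any diagnostic the target code prints to stdout is dropped for every fuzzer that receives this file. A one-line rationale would record that the trade-off was deliberate, either in the commit message or, if the options parser accepts comment lines (not confirmed here), in the file itself. The `[libfuzzer]` section presumably applies only to libFuzzer builds, so other fuzzing engines would keep the target's stdout output.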