diff --git a/dist/index.js b/dist/index.js
index 3982958..d56218b 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -103748,6 +103748,10 @@ ${stderrBuffer}`
           dir: "/tmp",
           readOnly: false
         },
+        {
+          dir: "/usr",
+          readOnly: true
+        },
         {
           dir: "/nix",
           readOnly: false
@@ -103768,6 +103772,13 @@ ${stderrBuffer}`
           );
         }
       }
+      const plausibleDeterminateOptions = [];
+      const plausibleDeterminateArguments = [];
+      if (this.determinate) {
+        plausibleDeterminateOptions.push("--entrypoint");
+        plausibleDeterminateOptions.push("/usr/local/bin/determinate-nixd");
+        plausibleDeterminateArguments.push("daemon");
+      }
       this.recordEvent(EVENT_START_DOCKER_SHIM);
       const exitCode = await exec.exec(
         "docker",
@@ -103784,7 +103795,7 @@ ${stderrBuffer}`
           "--init",
           "--name",
           `determinate-nix-shim-${this.getUniqueId()}-${(0,external_node_crypto_namespaceObject.randomUUID)()}`
-        ].concat(mountArguments).concat(["determinate-nix-shim:latest"]),
+        ].concat(plausibleDeterminateOptions).concat(mountArguments).concat(["determinate-nix-shim:latest"]).concat(plausibleDeterminateArguments),
         {
           silent: true,
           listeners: {
diff --git a/src/index.ts b/src/index.ts
index 720f815..be4170f 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -736,6 +736,10 @@ class NixInstallerAction extends DetSysAction {
           dir: "/tmp",
           readOnly: false,
         },
+        {
+          dir: "/usr",
+          readOnly: true,
+        },
         {
           dir: "/nix",
           readOnly: false,
@@ -759,6 +763,14 @@ class NixInstallerAction extends DetSysAction {
         }
       }
 
+      const plausibleDeterminateOptions = [];
+      const plausibleDeterminateArguments = [];
+      if (this.determinate) {
+        plausibleDeterminateOptions.push("--entrypoint");
+        plausibleDeterminateOptions.push("/usr/local/bin/determinate-nixd");
+        plausibleDeterminateArguments.push("daemon");
+      }
+
       this.recordEvent(EVENT_START_DOCKER_SHIM);
       const exitCode = await actionsExec.exec(
         "docker",
@@ -776,8 +788,10 @@ class NixInstallerAction extends DetSysAction {
           "--name",
           `determinate-nix-shim-${this.getUniqueId()}-${randomUUID()}`,
         ]
+          .concat(plausibleDeterminateOptions)
           .concat(mountArguments)
-          .concat(["determinate-nix-shim:latest"]),
+          .concat(["determinate-nix-shim:latest"])
+          .concat(plausibleDeterminateArguments),
         {
           silent: true,
           listeners: {