diff --git a/container/initoverlay.go b/container/initoverlay.go
index 2c6f43c..c913870 100644
--- a/container/initoverlay.go
+++ b/container/initoverlay.go
@@ -64,6 +64,9 @@ type MountOverlayOp struct {
 	work string
 
 	ephemeral bool
+
+	// used internally for mounting to the intermediate root
+	noPrefix bool
 }
 
 func (o *MountOverlayOp) Valid() bool {
@@ -126,7 +129,10 @@ func (o *MountOverlayOp) early(_ *setupState, k syscallDispatcher) error {
 }
 
 func (o *MountOverlayOp) apply(state *setupState, k syscallDispatcher) error {
-	target := toSysroot(o.Target.String())
+	target := o.Target.String()
+	if !o.noPrefix {
+		target = toSysroot(target)
+	}
 	if err := k.mkdirAll(target, state.ParentPerm); err != nil {
 		return wrapErrSelf(err)
 	}
diff --git a/container/initoverlay_test.go b/container/initoverlay_test.go
index f5f0aec..3a395f0 100644
--- a/container/initoverlay_test.go
+++ b/container/initoverlay_test.go
@@ -83,6 +83,25 @@ func TestMountOverlayOp(t *testing.T) {
 			{"mkdirAll", expectArgs{"/sysroot/nix/store", os.FileMode(0755)}, nil, nil},
 		}, msg.WrapErr(fs.ErrInvalid, "readonly overlay requires at least two lowerdir")},
 
+		{"success ro noPrefix", &Params{ParentPerm: 0755}, &MountOverlayOp{
+			Target: MustAbs("/nix/store"),
+			Lower: []*Absolute{
+				MustAbs("/mnt-root/nix/.ro-store"),
+				MustAbs("/mnt-root/nix/.ro-store0"),
+			},
+			noPrefix: true,
+		}, []kexpect{
+			{"evalSymlinks", expectArgs{"/mnt-root/nix/.ro-store"}, "/mnt-root/nix/.ro-store", nil},
+			{"evalSymlinks", expectArgs{"/mnt-root/nix/.ro-store0"}, "/mnt-root/nix/.ro-store0", nil},
+		}, nil, []kexpect{
+			{"mkdirAll", expectArgs{"/nix/store", os.FileMode(0755)}, nil, nil},
+			{"mount", expectArgs{"overlay", "/nix/store", "overlay", uintptr(0), "" +
+				"lowerdir=" +
+				"/host/mnt-root/nix/.ro-store:" +
+				"/host/mnt-root/nix/.ro-store0," +
+				"userxattr"}, nil, nil},
+		}, nil},
+
 		{"success ro", &Params{ParentPerm: 0755}, &MountOverlayOp{
 			Target: MustAbs("/nix/store"),
 			Lower: []*Absolute{