diff --git a/pkgs/tools/virtualization/nixos-container/default.nix b/pkgs/tools/virtualization/nixos-container/default.nix
index 0763536533f0..19394ea45d30 100644
--- a/pkgs/tools/virtualization/nixos-container/default.nix
+++ b/pkgs/tools/virtualization/nixos-container/default.nix
@@ -6,8 +6,6 @@ substituteAll {
     isExecutable = true;
     src = ./nixos-container.pl;
     perl = "${perl}/bin/perl -I${perlPackages.FileSlurp}/lib/perl5/site_perl";
-    su = "${shadow.su}/bin/su";
-    inherit utillinux;
 
     postInstall = ''
       t=$out/etc/bash_completion.d
diff --git a/pkgs/tools/virtualization/nixos-container/nixos-container.pl b/pkgs/tools/virtualization/nixos-container/nixos-container.pl
index 1dfe4567d8df..5cb7e3b560b8 100755
--- a/pkgs/tools/virtualization/nixos-container/nixos-container.pl
+++ b/pkgs/tools/virtualization/nixos-container/nixos-container.pl
@@ -8,9 +8,6 @@ use Fcntl ':flock';
 use Getopt::Long qw(:config gnu_getopt);
 use Cwd 'abs_path';
 
-my $nsenter = "@utillinux@/bin/nsenter";
-my $su = "@su@";
-
 # Ensure a consistent umask.
 umask 0022;
 
@@ -220,22 +217,6 @@ sub stopContainer {
         or die "$0: failed to stop container\n";
 }
 
-# Return the PID of the init process of the container.
-sub getLeader {
-    my $s = `machinectl show "$containerName" -p Leader`;
-    chomp $s;
-    $s =~ /^Leader=(\d+)$/ or die "unable to get container's main PID\n";
-    return int($1);
-}
-
-# Run a command in the container.
-sub runInContainer {
-    my @args = @_;
-    my $leader = getLeader;
-    exec($nsenter, "-t", $leader, "-m", "-u", "-i", "-n", "-p", "--", @args);
-    die "cannot run ‘nsenter’: $!\n";
-}
-
 # Remove a directory while recursively unmounting all mounted filesystems within
 # that directory and unmounting/removing that directory afterwards as well.
 #
@@ -309,14 +290,14 @@ elsif ($action eq "login") {
 }
 
 elsif ($action eq "root-login") {
-    runInContainer("@su@", "root", "-l");
+    exec("machinectl", "shell", $containerName, "/bin/sh", "-l");
 }
 
 elsif ($action eq "run") {
     shift @ARGV; shift @ARGV;
     # Escape command.
     my $s = join(' ', map { s/'/'\\''/g; "'$_'" } @ARGV);
-    runInContainer("@su@", "root", "-l", "-c", "exec " . $s);
+    exec("machinectl", "--quiet", "shell", $containerName, "/bin/sh", "-l", "-c", $s);
 }
 
 elsif ($action eq "show-ip") {