diff --git a/Dockerfile b/Dockerfile
index 181b7b3bc9937d00a9bc2726bc5eb26e6cb267ff..e163421db48a1d2705f50a530a1b6a52a805bd4a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,7 +9,8 @@ COPY etc/ /etc/
 COPY deb_autistici_org.gpg /usr/share/keyrings/deb.autistici.org.gpg
 COPY every /usr/bin/every
 
-ADD https://github.com/just-containers/s6-overlay/releases/download/v2.2.0.3/s6-overlay-amd64.tar.gz /tmp/
+ADD https://github.com/just-containers/s6-overlay/releases/download/v3.1.3.0/s6-overlay-noarch.tar.xz /tmp
+ADD https://github.com/just-containers/s6-overlay/releases/download/v3.1.3.0/s6-overlay-x86_64.tar.xz /tmp
 
 # The RUN directive does the following:
 #
@@ -28,14 +29,13 @@ ADD https://github.com/just-containers/s6-overlay/releases/download/v2.2.0.3/s6-
 # * To work around another similar issue, we also disable the
 #   init-stage2.fixattrs stage, which won't work due to the read-only fs.
 #
-RUN tar -C / -xzf /tmp/s6-overlay-amd64.tar.gz && \
+RUN apt -q update && \
+    apt -qy install xz-utils && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN tar -C / -Jxf /tmp/s6-overlay-noarch.tar.xz && \
+    tar -C / -Jxf /tmp/s6-overlay-x86_64.tar.xz && \
     chmod 1777 /run && \
-    echo "deb [signed-by=/usr/share/keyrings/deb.autistici.org.gpg] http://deb.autistici.org/urepo float/bookworm/" > /etc/apt/sources.list.d/float.list && \
-    sed -i -e 's/s6-hiercopy/cp -sR/g' \
-	/etc/s6/init/init-stage2 \
-	/etc/s6/init-catchall/init-stage1 \
-	/etc/s6/init-no-catchall/init-stage1 && \
-    rm -f /usr/bin/fix-attrs && \
-    ln -s /bin/true /usr/bin/fix-attrs
+    echo "deb [signed-by=/usr/share/keyrings/deb.autistici.org.gpg] http://deb.autistici.org/urepo float/bookworm/" > /etc/apt/sources.list.d/float.list
 
 ENTRYPOINT ["/init"]
diff --git a/README.md b/README.md
index e55d90be6d8e606bd8407a6add99128fcfa79302..97906be16f656a8f2ce1655a03c145b568229677 100644
--- a/README.md
+++ b/README.md
@@ -32,8 +32,9 @@ which should contain:
 * a *finish* script, with the following contents:
 
 ```
-#!/usr/bin/execlineb -S0
-s6-svscanctl -t /var/run/s6/services
+#!/bin/sh
+
+/run/s6/basedir/bin/halt
 ```
 
 Both files should be executable.
@@ -81,18 +82,8 @@ The base s6-overlay distribution is modified slightly to work around
 the particularly strict environment found in
 [float](https://git.autistici.org/ai3/float), which does not offer any
 directory which is both writeable, and where scripts can be executed
-(all tmpfs mounts have the *noexec* bit set). This does not play well
-with s6, which need to create stuff in the service directory, which
-also contains the *run* script.
-
-Our simple solution is to have s6-overlay copy all its configuration
-to /var/run/s6 (on the /run tmpfs), so that it is writeable, and then
-to make the *run* scripts symlinks back to /etc, so that they can be
-executed.
+(all tmpfs mounts have the *noexec* bit set).
 
-We achieve the former by setting [S6_READ_ONLY_ROOT=1 environment
+We achieve this by setting [S6_READ_ONLY_ROOT=1 environment
 variable](https://github.com/just-containers/s6-overlay#read-only-root-filesystem)
-in the container, and the latter by replacing the usage of
-[s6-hiercopy](https://skarnet.org/software/s6-portable-utils/s6-hiercopy.html)
-with "cp -sR", which creates the target directory structure but then
-uses symlinks instead of copying files.
+in the container.