This allows running the container in non-root environments, with the trade-off that processes are not as well isolated from each other.