A config.json may specify a string "username" on Linux as the user to execute the process as. The trouble is we need to know what uid/gid this maps to inside of the container. Sadly this requires hacks:

• parse /etc/passwd (if it exists!)
• call getent passwd inside of the filesystem

This spec likely should make a recommendation on what needs to be done here and in what order.