Comment 2 for bug 1641236

Getting openpty called in the container would solve a lot of problems for us but it's not possible to do in a safe way as it'd effectively rely on the container's filesystem which the container user can change or fake at will, allowing for attacks on the host's C library and LXD itself.