(pseudo)tty not properly setup with the -t option

[dlespiau]

$ docker run  -t debian tty
/dev/console
$ docker run --runtime cc -t debian tty
not a tty

[amshinde]

While experimenting with systemd options for another bug, I realised that if we mount the /dev from the VM into the workload and avoid creating a new dev namespace with PrivateDevices=Yes, the above issue is resolved. This needs some more investigation to rootcause what is happening.
If we go with the above, we can restrict access to just certain pseudo devices using systemd cgroup mechanism(DevicePolicy=Strict, DeviceAllow..), although all the devices will be visible to the workload since we don't change dev namespace.

[dlespiau]

I arrived at the same conclusion and did find we were missing /dev/console as well, haven't checked it that was enough for that one as well.

[chavafg]

added test on #523

[chavafg]

closing this issue as tests are already merged.