Comment 9 for bug 1634199

Yes, so basically we have:
 - dnsmasq.pid (create + read/write by dnsmasq)
 - dnsmasq.raw (read by dnsmasq)
 - dnsmasq.hosts (read by dnsmasq)
 - dnsmasq.leases (create + read/write by dnsmasq)

I'd be tempted to just go with:

/var/lib/lxd/networks/*/dnsmasq.pid rw,
/var/lib/lxd/networks/*/dnsmasq.leases rw,
/var/lib/lxd/networks/*/dnsmasq.* r,

That should make things a bit more future proof should we add any more dnsmasq related files in there.