Comment 5 for bug 1584230

Stéphane Graber (stgraber) wrote :

Hmm, the code seems to disagree with you.

/var/lib/lxd/containers is 711, which allows traversal but not direct access. Then the container itself (or its rootfs) is 700 if the container is privileged, 711 otherwise, which would only allow traversal to a given file if the container is unprivileged, in which case setuid doesn't apply.
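
The permission layout described in the comment above can be checked with a short audit script. This is an added example, not part of the original comment and not LXD code; the directory tree is constructed in a temporary directory, and the names `other_access`, `build_sample` and `tool` are hypothetical. It looks only at mode bits for the "other" class and ignores ACLs and MAC policy.

```python
import os
import stat
import tempfile

def other_access(root, target):
    """Return (reachable, listable) for the 'other' permission class.

    reachable: every directory from root down to target's parent has o+x.
    listable: directories on that path that also have o+r (can be enumerated).
    """
    parts = os.path.relpath(target, root).split(os.sep)[:-1]
    current, listable = root, []
    for part in [None] + parts:
        if part is not None:
            current = os.path.join(current, part)
        mode = stat.S_IMODE(os.stat(current).st_mode)
        if not mode & stat.S_IXOTH:
            return False, listable      # traversal stops here (e.g. mode 700)
        if mode & stat.S_IROTH:
            listable.append(current)    # 755-style: names can be listed
    return True, listable

def build_sample():
    """Constructed layout: containers dir 711, privileged 700, unprivileged 711."""
    root = tempfile.mkdtemp()
    paths = {}
    for name, mode in (("privileged", 0o700), ("unprivileged", 0o711)):
        rootfs = os.path.join(root, name, "rootfs")
        bindir = os.path.join(rootfs, "bin")
        os.makedirs(bindir)
        paths[name] = os.path.join(bindir, "tool")   # placeholder file
        open(paths[name], "w").close()
        os.chmod(bindir, 0o755)
        os.chmod(rootfs, 0o755)
        os.chmod(os.path.join(root, name), mode)
    os.chmod(root, 0o711)               # traversal allowed, listing denied
    return root, paths

if __name__ == "__main__":
    root, paths = build_sample()
    for name, path in paths.items():
        reachable, listable = other_access(root, path)
        print(f"{name}: reachable by other={reachable}, "
              f"listable dirs={[os.path.relpath(d, root) for d in listable]}")
```
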