Read this announcement from Oracle and thought about LXD VMs:
In theory it allows for reducing attack surface by having qemu itself do privilege dropping and seccomp sandboxing of the various sub-processes, something it couldn't do when running in-process or in threads.
That being said, LXD has been avoiding using most qemu features that are particularly at risk of exploitation in the first place (device emulation), we already use seccomp sandboxing for the existing qemu processes and generate per-VM apparmor sandboxes on top of that.
I suspect the net result for LXD users specifically will be more processes running on their systems with limited additional security, though it may let us simplify some of our existing sandboxing, instead relying more on the one set up by qemu itself.