Comment 41 for bug 1476662

A few minor comments on v2.

1) Typo in the commit message: "The host's mount path may container ..."

2) The function documentation for is_subdir() needs updating to reflect the new params.

3) The fstatat() in the while loop of open_without_symlink() is not needed. open_if_safe() passes the O_NOFOLLOW flag to openat(2) so symlinks are already being properly detected.