1) Typo in the commit message: "The host's mount path may container ..."
2) The function documentation for is_subdir() needs updating to reflect the new params.
3) The fstatat() in the while loop of open_without_symlink() is not needed. open_if_safe() passes the O_NOFOLLOW flag to openat(2) so symlinks are already being properly detected.
A few minor comments on v2.
1) Typo in the commit message: "The host's mount path may container ..."
2) The function documentation for is_subdir() needs updating to reflect the new params.
3) The fstatat() in the while loop of open_without_ symlink( ) is not needed. open_if_safe() passes the O_NOFOLLOW flag to openat(2) so symlinks are already being properly detected.