Comment 50 for bug 1476662

After irc discussion we realized the patch was insufficient.

This new patch makes some changes. It forbids all symlinks in the mount target. The case for which this broke lxc before has been taken care of by not mounting onto proc/net (which is a symlink to proc/self/net). It also forbids symlinks in relative bind mount sources. If needed we can later add a mount option saying to allow symlinks, but since we allow symlinks for absolute source paths this may not be needed.