Comment 8 for bug 1476662

Hi Serge - this patch looks good for the most part but I'm curious if it is possible for a container admin to modify the target path during or after the ensure_not_symlink() checks and before the mount? It feels like there's a TOCTOU issue in there but maybe the admin can't possibly make changes while the check is happening?