From 571cca9b940f2867ad0156ad4aade5288c9f277d Mon Sep 17 00:00:00 2001 From: Adam Boardman Date: Mon, 4 Jan 2021 15:18:11 +0000 Subject: [PATCH] Fix for android container being able to access its data - fixes 'Unable to open persistent property directory "/data/property"' --- var/lib/lxc/android/config | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/var/lib/lxc/android/config b/var/lib/lxc/android/config index 4aa9de7..be2e073 100644 --- a/var/lib/lxc/android/config +++ b/var/lib/lxc/android/config @@ -10,7 +10,8 @@ lxc.pty.max = 1024 lxc.arch = arm64 # Drop some harmful capabilities -lxc.cap.drop = mac_admin mac_override sys_time sys_module sys_rawio +#lxc.cap.drop = mac_admin mac_override sys_time sys_module sys_rawio +lxc.cap.drop = mac_admin mac_override # Blacklist some syscalls which are not safe in privileged containers lxc.seccomp.profile = /usr/share/lxc/config/common.seccomp @@ -34,6 +35,6 @@ lxc.mount.entry = /dev/socket dev/socket bind bind,create=dir 0 0 lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0 lxc.mount.entry = sys sys sysfs nodev,noexec,nosuid 0 0 #lxc.mount.entry = tmp tmp tmpfs nodev,noexec,nosuid 0 0 -#lxc.mount.entry = /android/data data bind bind 0 0 +lxc.mount.entry = /data data bind bind 0 0 lxc.mount.entry = /vendor vendor bind rbind 0 0 lxc.mount.entry = /mnt mnt bind rbind 0 0
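Review bot: The new `lxc.cap.drop = mac_admin mac_override` line stops dropping `sys_module`, `sys_rawio` and `sys_time` for a container that the file's own comment describes as privileged, so root inside the Android container can load kernel modules, perform raw I/O and set the host clock. The commit message only mentions the `/data/property` directory, which the mount change in the second hunk appears to address, so the patch does not show that any of the three capabilities is needed. I would keep dropping whichever ones Android does not need, e.g. `lxc.cap.drop = mac_admin mac_override sys_module sys_rawio` if only `sys_time` turns out to be required. The commented-out old line is better replaced with a comment naming the capability that had to be retained and why.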
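Review bot: The added `lxc.mount.entry = /data data bind bind 0 0` exposes the host's whole `/data` read-write with no `nodev`/`nosuid`, unlike the `proc` and `sys` entries just above it. Whether host `/data` holds only Android state is not visible in this hunk (the entry it replaces pointed at `/android/data`), so a comment above the line stating what lives there would help. If the container does not need device nodes or setuid files under `/data`, consider `lxc.mount.entry = /data data bind bind,nodev,nosuid 0 0`. Combined with the capabilities no longer dropped in the first hunk, an unrestricted mount widens what a compromised container can reach.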