From b80adb06d005dbc468e3797301fc380afe0d90b0 Mon Sep 17 00:00:00 2001
From: Adam Boardman
Date: Mon, 4 Jan 2021 19:33:35 +0000
Subject: [PATCH] Tidying up and commenting a working set of settings
---
 var/lib/lxc/android/config | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/var/lib/lxc/android/config b/var/lib/lxc/android/config
index 0044eaf..77a1d49 100644
--- a/var/lib/lxc/android/config
+++ b/var/lib/lxc/android/config
@@ -1,34 +1,31 @@
-
+# Merge networking with primary kernel to allow fuelgauged to talk between its vendor and builtin battery charging modules (none)
 lxc.net.0.type = none
 lxc.rootfs.path = dir:/var/lib/lxc/android/rootfs
-#lxc.tty.dir = lxc
 lxc.tty.dir =
 lxc.tty.max = 4
 lxc.pty.max = 1024
 lxc.arch = arm64
-# Drop some harmful capabilities
+# Drop some harmful capabilities, but not all of them
 #lxc.cap.drop = mac_admin mac_override sys_time sys_module sys_rawio
 lxc.cap.drop = mac_admin mac_override
-# Blacklist some syscalls which are not safe in privileged containers
+# Don't blacklist some syscalls which are not safe in privileged containers, but are needed by android init
 #lxc.seccomp.profile = /usr/share/lxc/config/common.seccomp
 lxc.hook.pre-start = /var/lib/lxc/android/pre-start.sh
-#this might not be needed?
+# This is not needed as we do it manually within the systemd startup
 #lxc.init_cmd = /init
 lxc.apparmor.profile = unconfined
 lxc.autodev = 0
-
 lxc.hook.mount = /usr/share/lxcfs/lxc.mount.hook
 lxc.hook.post-stop = /usr/share/lxcfs/lxc.reboot.hook
-
 lxc.mount.entry = tmpfs dev tmpfs nosuid 0 0
 lxc.mount.entry = /dev/__properties__ dev/__properties__ bind bind,create=dir 0 0
 lxc.mount.entry = /dev/socket dev/socket bind bind,create=dir 0 0
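Review bot: The reworded comments above `lxc.cap.drop` and the disabled `lxc.seccomp.profile` say that protections are relaxed but not which ones android init actually needs, so a later maintainer cannot tell whether `sys_time`, `sys_module` and `sys_rawio` could be dropped again. Together with `lxc.net.0.type = none` (the container shares the host network namespace) and `lxc.apparmor.profile = unconfined`, this leaves the container with close to host-level privilege, which is worth stating once at the top of the file. I would name the requirement in each comment, for example `# sys_time sys_module sys_rawio are kept because <component> needs them` and `# common.seccomp stays disabled: android init uses syscalls it blocks, so this container has no seccomp filter`. The new seccomp wording, "Don't blacklist some syscalls which are not safe", also reads as a double negative and is easy to misread.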