
Reverse Engineering Android Container Layers: Unpacking LXC vs Docker Filesystem Overlays


Introduction: The World of Android Containerization

The quest to run Android seamlessly within Linux environments has led to innovative solutions like Anbox and Waydroid. These projects leverage containerization technologies to encapsulate a full Android system, offering a robust and integrated experience. At the heart of their operation lies the intricate management of filesystem layers, a critical component that dictates how Android’s base image and user modifications coexist. Understanding these filesystem overlays – particularly how they differ between Linux Containers (LXC) and Docker – is paramount for debugging, performance tuning, and advanced customization.

This article dives deep into the mechanisms employed by LXC and Docker to manage their filesystems, focusing on their respective overlay strategies. We’ll explore how Anbox and Waydroid often utilize LXC’s approach, contrast it with Docker’s robust image layering, and provide practical steps for reverse engineering these intricate filesystem structures.

The Fundamentals of Layered Filesystems

Containerization thrives on efficiency and resource isolation. A core tenet is the ability to share a common base image while allowing each container to have its own writable filesystem. This is achieved through layered filesystems, often built upon a copy-on-write (CoW) mechanism and union mounts. A union filesystem combines multiple distinct filesystems (or directories) into a single, unified view. When a file is modified in this unified view, the CoW principle ensures that the original file in the base layer remains untouched; instead, a copy of the file is made to a writable “upper” layer, and subsequent changes are applied to this copy.

Key concepts:

  • Lower Layer(s): Read-only base filesystem(s) containing the core operating system or application images.
  • Upper Layer: A writable filesystem where all modifications, additions, and deletions by the container are stored.
  • Merged Directory: The unified view presented to the container, combining the lower and upper layers.
  • Work Directory: Used by the overlay filesystem driver for internal operations, such as preparing files for copy-up.

LXC and OverlayFS for Android (Anbox/Waydroid Context)

LXC, a lightweight virtualization technology, directly interacts with the kernel’s container features. For its root filesystem, LXC often employs OverlayFS, a modern union filesystem implementation integrated directly into the Linux kernel. Anbox and Waydroid, which are built upon LXC or similar technologies, typically configure their Android root filesystems using this mechanism.

In a typical LXC setup for Android, you might find a read-only base image (e.g., an Android `system.img` mounted via `squashfs` or similar, or an unpacked directory structure) acting as the lower layer. A separate directory serves as the writable upper layer, capturing all runtime changes to the Android system.

Inspecting LXC Filesystem Layers

To reverse engineer an LXC-based Android container’s filesystem, you’ll primarily use standard Linux tools. Let’s assume an Anbox or Waydroid container named `android` is running.

First, identify the container’s root filesystem path:

sudo lxc-info -n android -c lxc.rootfs.path

This command will typically show a path like `/var/lib/lxc/android/rootfs`. Now, inspect the mount points within the host system to find the OverlayFS details:

grep 'overlay' /proc/mounts | grep 'android'

You might see output similar to this (paths will vary based on your setup):

overlay /var/lib/lxc/android/rootfs overlay rw,relatime,lowerdir=/var/lib/anbox/android-rootfs/system,upperdir=/var/snap/anbox/common/android-data/rootfs-overlay/upper,workdir=/var/snap/anbox/common/android-data/rootfs-overlay/work 0 0

From this line, you can clearly identify:

  • `lowerdir`: The read-only base Android filesystem (e.g., `system.img` content).
  • `upperdir`: The writable layer for all modifications.
  • `workdir`: The internal working directory for OverlayFS.

You can then explore these directories directly on the host system:

sudo ls -l /var/lib/anbox/android-rootfs/system/app
sudo ls -l /var/snap/anbox/common/android-data/rootfs-overlay/upper/data

This allows direct access to the base Android files and any changes made within the running container.
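The manual inspection above can be scripted. The following is an added example, not code from Anbox, Waydroid or LXC: it parses an overlay line from `/proc/mounts` and classifies every entry in the upper layer as added, modified or deleted relative to the base image, which is the quickest way to see what has changed in a container's Android system. The function names are hypothetical, the sample line is constructed from the output shown above, and it assumes layer paths contain no commas or colons; reading a real `upperdir` usually requires root.

```python
import os
import re
import stat

# Constructed sample, modelled on the /proc/mounts line shown above.
SAMPLE = ("overlay /var/lib/lxc/android/rootfs overlay rw,relatime,"
          "lowerdir=/var/lib/anbox/android-rootfs/system,"
          "upperdir=/var/snap/anbox/common/android-data/rootfs-overlay/upper,"
          "workdir=/var/snap/anbox/common/android-data/rootfs-overlay/work 0 0")

def _unescape(s):
    # /proc/mounts encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), s)

def parse_overlay(line):
    """Return mountpoint and layer paths for one overlay line, else None."""
    fields = line.split()
    if len(fields) < 4 or fields[2] != "overlay":
        return None
    opts = dict(o.partition("=")[::2] for o in fields[3].split(","))
    return {
        "merged": _unescape(fields[1]),
        # lowerdir may list several layers, colon-separated, topmost first.
        "lower": [_unescape(p) for p in opts.get("lowerdir", "").split(":") if p],
        "upper": _unescape(opts["upperdir"]) if "upperdir" in opts else None,
        "work": _unescape(opts["workdir"]) if "workdir" in opts else None,
    }

def classify_upper(upper, lowers):
    """Map each non-directory entry in the upper layer to its change type."""
    changes = {}
    for root, dirs, files in os.walk(upper):
        # os.walk lists symlinks to directories under dirs; treat them as entries.
        links = [d for d in dirs if os.path.islink(os.path.join(root, d))]
        for name in files + links:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, upper)
            st = os.lstat(path)
            if stat.S_ISCHR(st.st_mode) and st.st_rdev == 0:
                changes[rel] = "deleted"   # OverlayFS whiteout: char device 0/0
            elif any(os.path.lexists(os.path.join(l, rel)) for l in lowers):
                changes[rel] = "modified"  # copy-up shadows a lower-layer file
            else:
                changes[rel] = "added"     # exists only in the writable layer
    return changes

if __name__ == "__main__":
    print(parse_overlay(SAMPLE))
```

On a live host, feed `parse_overlay` each line of `/proc/mounts` and pass the resulting `upper` and `lower` values to `classify_upper`.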

Docker and Storage Drivers for Android Images

Docker takes a more abstract approach with its
