diff --git a/pkg/debian/kernel-lts/android-enable-building-ashmem-and-binder-as-modules.patch b/pkg/debian/kernel-lts/android-enable-building-ashmem-and-binder-as-modules.patch
new file mode 100644
index 000000000..da02e00e0
--- /dev/null
+++ b/pkg/debian/kernel-lts/android-enable-building-ashmem-and-binder-as-modules.patch
@@ -0,0 +1,97 @@
+From: Ben Hutchings
+Date: Fri, 22 Jun 2018 17:27:00 +0100
+Subject: android: Enable building ashmem and binder as modules
+Bug-Debian: https://bugs.debian.org/901492
+
+We want to enable use of the Android ashmem and binder drivers to
+support Anbox, but they should not be built-in as that would waste
+resources and increase security attack surface on systems that don't
+need them.
+
+- Add a MODULE_LICENSE declaration to ashmem
+- Change the Makefiles to build each driver as an object with the
+ "_linux" suffix (which is what Anbox expects)
+- Change config symbol types to tristate
+
+---
+Index: linux/drivers/android/Kconfig
+===================================================================
+--- linux.orig/drivers/android/Kconfig
++++ linux/drivers/android/Kconfig
+@@ -9,7 +9,7 @@ config ANDROID
+ if ANDROID
+
+ config ANDROID_BINDER_IPC
+- bool "Android Binder IPC Driver"
++ tristate "Android Binder IPC Driver"
+ depends on MMU
+ default n
+ ---help---
+Index: linux/drivers/android/Makefile
+===================================================================
+--- linux.orig/drivers/android/Makefile
++++ linux/drivers/android/Makefile
+@@ -1,4 +1,5 @@
+ ccflags-y += -I$(src) # needed for trace events
+
+-obj-$(CONFIG_ANDROID_BINDER_IPC) += binder.o binder_alloc.o
+-obj-$(CONFIG_ANDROID_BINDER_IPC_SELFTEST) += binder_alloc_selftest.o
++obj-$(CONFIG_ANDROID_BINDER_IPC) += binder_linux.o
++binder_linux-y := binder.o binder_alloc.o
++binder_linux-$(CONFIG_ANDROID_BINDER_IPC_SELFTEST) += binder_alloc_selftest.o
+Index: linux/drivers/staging/android/Kconfig
+===================================================================
+--- linux.orig/drivers/staging/android/Kconfig
++++ linux/drivers/staging/android/Kconfig
+@@ -3,7 +3,7 @@ menu "Android"
+ if ANDROID
+
+ config ASHMEM
+- bool "Enable the Anonymous Shared Memory Subsystem"
++ tristate "Enable the Anonymous Shared Memory Subsystem"
+ default n
+ depends on SHMEM
+ help
+Index: linux/drivers/staging/android/Makefile
+===================================================================
+--- linux.orig/drivers/staging/android/Makefile
++++ linux/drivers/staging/android/Makefile
+@@ -2,5 +2,6 @@ ccflags-y += -I$(src) # needed for tra
+
+ obj-y += ion/
+
+-obj-$(CONFIG_ASHMEM) += ashmem.o
++obj-$(CONFIG_ASHMEM) += ashmem_linux.o
++ashmem_linux-y += ashmem.o
+ obj-$(CONFIG_ANDROID_VSOC) += vsoc.o
+Index: linux/drivers/staging/android/ashmem.c
+===================================================================
+--- linux.orig/drivers/staging/android/ashmem.c
++++ linux/drivers/staging/android/ashmem.c
+@@ -24,6 +24,7 @@
+ #include
+ #include
+ #include
++#include
+ #include "ashmem.h"
+
+ #define ASHMEM_NAME_PREFIX "dev/ashmem/"
+@@ -924,3 +925,5 @@ out:
+ return ret;
+ }
+ device_initcall(ashmem_init);
++
++MODULE_LICENSE("GPL v2");
+Index: linux/drivers/android/binder_alloc.c
+===================================================================
+--- linux.orig/drivers/android/binder_alloc.c
++++ linux/drivers/android/binder_alloc.c
+@@ -44,7 +44,7 @@ enum {
+ };
+ static uint32_t binder_alloc_debug_mask = BINDER_DEBUG_USER_ERROR;
+
+-module_param_named(debug_mask, binder_alloc_debug_mask,
++module_param_named(alloc_debug_mask, binder_alloc_debug_mask,
+ uint, 0644);
+
+ #define binder_alloc_debug(mask, x...) \
diff --git a/pkg/debian/kernel-lts/export-symbols-needed-by-android-drivers.patch b/pkg/debian/kernel-lts/export-symbols-needed-by-android-drivers.patch
new file mode 100644
index 000000000..94a00d452
--- /dev/null
+++ b/pkg/debian/kernel-lts/export-symbols-needed-by-android-drivers.patch
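Review bot: The ashmem.c hunk ending in `MODULE_LICENSE("GPL v2");` makes the driver loadable but leaves `device_initcall(ashmem_init);` as its only lifecycle hook, and no exit handler is added anywhere in this patch. A module that has an init function and no exit function cannot be unloaded, so once ashmem_linux is loaded it stays resident until reboot, which weakens the attack-surface argument in the description. Unless ashmem.c already defines an exit path outside the visible hunks, either add a `module_exit()` handler that undoes what ashmem_init registers, or state the limitation in the patch header, for example `- ashmem_linux cannot be unloaded once loaded (no module_exit)`. The same applies to the copy of this patch under pkg/debian/kernel/.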
@@ -0,0 +1,162 @@
+From: Ben Hutchings
+Date: Tue, 26 Jun 2018 16:59:01 +0100
+Subject: Export symbols needed by Android drivers
+Bug-Debian: https://bugs.debian.org/901492
+
+We want to enable use of the Android ashmem and binder drivers to
+support Anbox, but they should not be built-in as that would waste
+resources and increase security attack surface on systems that don't
+need them.
+
+Export the currently un-exported symbols they depend on.
+
+---
+Index: linux/fs/file.c
+===================================================================
+--- linux.orig/fs/file.c
++++ linux/fs/file.c
+@@ -409,6 +409,7 @@ struct files_struct *get_files_struct(st
+
+ return files;
+ }
++EXPORT_SYMBOL_GPL(get_files_struct);
+
+ void put_files_struct(struct files_struct *files)
+ {
+@@ -421,6 +422,7 @@ void put_files_struct(struct files_struc
+ kmem_cache_free(files_cachep, files);
+ }
+ }
++EXPORT_SYMBOL_GPL(put_files_struct);
+
+ void reset_files_struct(struct files_struct *files)
+ {
+@@ -534,6 +536,7 @@ out:
+ spin_unlock(&files->file_lock);
+ return error;
+ }
++EXPORT_SYMBOL_GPL(__alloc_fd);
+
+ static int alloc_fd(unsigned start, unsigned flags)
+ {
+@@ -607,6 +610,7 @@ void __fd_install(struct files_struct *f
+ rcu_assign_pointer(fdt->fd[fd], file);
+ rcu_read_unlock_sched();
+ }
++EXPORT_SYMBOL_GPL(__fd_install);
+
+ void fd_install(unsigned int fd, struct file *file)
+ {
+Index: linux/kernel/fork.c
+===================================================================
+--- linux.orig/kernel/fork.c
++++ linux/kernel/fork.c
+@@ -1048,6 +1048,7 @@ void mmput_async(struct mm_struct *mm)
+ schedule_work(&mm->async_put_work);
+ }
+ }
++EXPORT_SYMBOL_GPL(mmput_async);
+ #endif
+
+ /**
+Index: linux/kernel/signal.c
+===================================================================
+--- linux.orig/kernel/signal.c
++++ linux/kernel/signal.c
+@@ -1353,6 +1353,7 @@ struct sighand_struct *__lock_task_sigha
+
+ return sighand;
+ }
++EXPORT_SYMBOL_GPL(__lock_task_sighand);
+
+ /*
+ * send signal info to all the members of a group
+Index: linux/mm/memory.c
+===================================================================
+--- linux.orig/mm/memory.c
++++ linux/mm/memory.c
+@@ -1611,6 +1611,7 @@ void zap_page_range(struct vm_area_struc
+ mmu_notifier_invalidate_range_end(mm, start, end);
+ tlb_finish_mmu(&tlb, start, end);
+ }
++EXPORT_SYMBOL_GPL(zap_page_range);
+
+ /**
+ * zap_page_range_single - remove user pages in a given range
+Index: linux/mm/shmem.c
+===================================================================
+--- linux.orig/mm/shmem.c
++++ linux/mm/shmem.c
+@@ -4039,6 +4039,7 @@ int shmem_zero_setup(struct vm_area_stru
+
+ return 0;
+ }
++EXPORT_SYMBOL_GPL(shmem_zero_setup);
+
+ /**
+ * shmem_read_mapping_page_gfp - read into page cache, using specified page allocation flags.
+Index: linux/mm/vmalloc.c
+===================================================================
+--- linux.orig/mm/vmalloc.c
++++ linux/mm/vmalloc.c
+@@ -1299,6 +1299,7 @@ int map_kernel_range_noflush(unsigned lo
+ {
+ return vmap_page_range_noflush(addr, addr + size, prot, pages);
+ }
++EXPORT_SYMBOL_GPL(map_kernel_range_noflush);
+
+ /**
+ * unmap_kernel_range_noflush - unmap kernel VM area
+@@ -1439,6 +1440,7 @@ struct vm_struct *get_vm_area(unsigned l
+ NUMA_NO_NODE, GFP_KERNEL,
+ __builtin_return_address(0));
+ }
++EXPORT_SYMBOL_GPL(get_vm_area);
+
+ struct vm_struct *get_vm_area_caller(unsigned long size, unsigned long flags,
+ const void *caller)
+Index: linux/security/security.c
+===================================================================
+--- linux.orig/security/security.c
++++ linux/security/security.c
+@@ -236,24 +236,28 @@ int security_binder_set_context_mgr(stru
+ {
+ return call_int_hook(binder_set_context_mgr, 0, mgr);
+ }
++EXPORT_SYMBOL_GPL(security_binder_set_context_mgr);
+
+ int security_binder_transaction(struct task_struct *from,
+ struct task_struct *to)
+ {
+ return call_int_hook(binder_transaction, 0, from, to);
+ }
++EXPORT_SYMBOL_GPL(security_binder_transaction);
+
+ int security_binder_transfer_binder(struct task_struct *from,
+ struct task_struct *to)
+ {
+ return call_int_hook(binder_transfer_binder, 0, from, to);
+ }
++EXPORT_SYMBOL_GPL(security_binder_transfer_binder);
+
+ int security_binder_transfer_file(struct task_struct *from,
+ struct task_struct *to, struct file *file)
+ {
+ return call_int_hook(binder_transfer_file, 0, from, to, file);
+ }
++EXPORT_SYMBOL_GPL(security_binder_transfer_file);
+
+ int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
+ {
+Index: linux/kernel/sched/core.c
+===================================================================
+--- linux.orig/kernel/sched/core.c
++++ linux/kernel/sched/core.c
+@@ -3973,6 +3973,7 @@ int can_nice(const struct task_struct *p
+ return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
+ capable(CAP_SYS_NICE));
+ }
++EXPORT_SYMBOL_GPL(can_nice);
+
+ #ifdef __ARCH_WANT_SYS_NICE
+
diff --git a/pkg/debian/kernel/android-enable-building-ashmem-and-binder-as-modules.patch b/pkg/debian/kernel/android-enable-building-ashmem-and-binder-as-modules.patch
new file mode 100644
index 000000000..2df107cfb
--- /dev/null
+++ b/pkg/debian/kernel/android-enable-building-ashmem-and-binder-as-modules.patch
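Review bot: The patch header does not record which driver needs which export, and several of them (`__alloc_fd`, `__fd_install`, `get_files_struct`, `zap_page_range`, `__lock_task_sighand`) are helpers that act on a file table, address range or signal state passed in by the caller. Once exported they can be linked by any GPL-licensed module on the system, whether or not binder_linux or ashmem_linux is ever loaded, so the list should stay as short as the two drivers allow. I would add one line per file to the description, for example `fs/file.c: get_files_struct, put_files_struct, __alloc_fd, __fd_install - used by <driver>`, so that an export can be dropped when a rebase removes its last caller. The pkg/debian/kernel/ copy of this patch would benefit from the same annotation.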
@@ -0,0 +1,106 @@
+From: Ben Hutchings
+Date: Fri, 22 Jun 2018 17:27:00 +0100
+Subject: android: Enable building ashmem and binder as modules
+Bug-Debian: https://bugs.debian.org/901492
+
+We want to enable use of the Android ashmem and binder drivers to
+support Anbox, but they should not be built-in as that would waste
+resources and increase security attack surface on systems that don't
+need them.
+
+- Add a MODULE_LICENSE declaration to ashmem
+- Change the Makefiles to build each driver as an object with the
+ "_linux" suffix (which is what Anbox expects)
+- Change config symbol types to tristate
+---
+ drivers/android/Kconfig | 2 +-
+ drivers/android/Makefile | 7 ++++---
+ drivers/android/binder_alloc.c | 2 +-
+ drivers/staging/android/Kconfig | 2 +-
+ drivers/staging/android/Makefile | 3 ++-
+ drivers/staging/android/ashmem.c | 3 +++
+ 6 files changed, 12 insertions(+), 7 deletions(-)
+
+Index: debian-kernel/drivers/android/Kconfig
+===================================================================
+--- debian-kernel.orig/drivers/android/Kconfig
++++ debian-kernel/drivers/android/Kconfig
+@@ -9,7 +9,7 @@ config ANDROID
+ if ANDROID
+
+ config ANDROID_BINDER_IPC
+- bool "Android Binder IPC Driver"
++ tristate "Android Binder IPC Driver"
+ depends on MMU
+ default n
+ help
+Index: debian-kernel/drivers/android/Makefile
+===================================================================
+--- debian-kernel.orig/drivers/android/Makefile
++++ debian-kernel/drivers/android/Makefile
+@@ -1,6 +1,7 @@
+ # SPDX-License-Identifier: GPL-2.0-only
+ ccflags-y += -I$(src) # needed for trace events
+
+-obj-$(CONFIG_ANDROID_BINDERFS) += binderfs.o
+-obj-$(CONFIG_ANDROID_BINDER_IPC) += binder.o binder_alloc.o
+-obj-$(CONFIG_ANDROID_BINDER_IPC_SELFTEST) += binder_alloc_selftest.o
++obj-$(CONFIG_ANDROID_BINDER_IPC) += binder_linux.o
++binder_linux-y := binder.o binder_alloc.o
++binder_linux-$(CONFIG_ANDROID_BINDERFS) += binderfs.o
++binder_linux-$(CONFIG_ANDROID_BINDER_IPC_SELFTEST) += binder_alloc_selftest.o
+Index: debian-kernel/drivers/android/binder_alloc.c
+===================================================================
+--- debian-kernel.orig/drivers/android/binder_alloc.c
++++ debian-kernel/drivers/android/binder_alloc.c
+@@ -38,7 +38,7 @@ enum {
+ };
+ static uint32_t binder_alloc_debug_mask = BINDER_DEBUG_USER_ERROR;
+
+-module_param_named(debug_mask, binder_alloc_debug_mask,
++module_param_named(alloc_debug_mask, binder_alloc_debug_mask,
+ uint, 0644);
+
+ #define binder_alloc_debug(mask, x...) \
+Index: debian-kernel/drivers/staging/android/Kconfig
+===================================================================
+--- debian-kernel.orig/drivers/staging/android/Kconfig
++++ debian-kernel/drivers/staging/android/Kconfig
+@@ -4,7 +4,7 @@ menu "Android"
+ if ANDROID
+
+ config ASHMEM
+- bool "Enable the Anonymous Shared Memory Subsystem"
++ tristate "Enable the Anonymous Shared Memory Subsystem"
+ depends on SHMEM
+ help
+ The ashmem subsystem is a new shared memory allocator, similar to
+Index: debian-kernel/drivers/staging/android/Makefile
+===================================================================
+--- debian-kernel.orig/drivers/staging/android/Makefile
++++ debian-kernel/drivers/staging/android/Makefile
+@@ -3,4 +3,5 @@ ccflags-y += -I$(src) # needed for tra
+
+ obj-y += ion/
+
+-obj-$(CONFIG_ASHMEM) += ashmem.o
++obj-$(CONFIG_ASHMEM) += ashmem_linux.o
++ashmem_linux-y += ashmem.o
+Index: debian-kernel/drivers/staging/android/ashmem.c
+===================================================================
+--- debian-kernel.orig/drivers/staging/android/ashmem.c
++++ debian-kernel/drivers/staging/android/ashmem.c
+@@ -24,6 +24,7 @@
+ #include
+ #include
+ #include
++#include
+ #include "ashmem.h"
+
+ #define ASHMEM_NAME_PREFIX "dev/ashmem/"
+@@ -953,3 +954,5 @@ out:
+ return ret;
+ }
+ device_initcall(ashmem_init);
++
++MODULE_LICENSE("GPL v2");
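Review bot: The binder_alloc.c hunk renames the runtime-writable (`0644`) module parameter from `debug_mask` to `alloc_debug_mask`, but the description's bullet list does not mention the change. The rename is presumably needed because binder_alloc.o is now linked into the single binder_linux module and would otherwise collide with another `debug_mask` parameter there; that reason is not visible in the patch and should be confirmed. Anything that sets the old name on the kernel command line or through sysfs will stop taking effect, so I would add a bullet such as `- Rename binder_alloc's debug_mask parameter to alloc_debug_mask to avoid a clash inside binder_linux`. The kernel-lts copy of this patch carries the same rename.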
diff --git a/pkg/debian/kernel/export-symbols-needed-by-android-drivers.patch b/pkg/debian/kernel/export-symbols-needed-by-android-drivers.patch
new file mode 100644
index 000000000..e297d08d0
--- /dev/null
+++ b/pkg/debian/kernel/export-symbols-needed-by-android-drivers.patch
@@ -0,0 +1,193 @@
+From: Ben Hutchings
+Date: Tue, 26 Jun 2018 16:59:01 +0100
+Subject: Export symbols needed by Android drivers
+Bug-Debian: https://bugs.debian.org/901492
+
+We want to enable use of the Android ashmem and binder drivers to
+support Anbox, but they should not be built-in as that would waste
+resources and increase security attack surface on systems that don't
+need them.
+
+Export the currently un-exported symbols they depend on.
+
+---
+ fs/file.c | 5 +++++
+ kernel/fork.c | 1 +
+ kernel/sched/core.c | 1 +
+ kernel/signal.c | 1 +
+ kernel/task_work.c | 1 +
+ mm/memory.c | 1 +
+ mm/shmem.c | 1 +
+ mm/vmalloc.c | 2 ++
+ security/security.c | 4 ++++
+ 9 files changed, 17 insertions(+)
+
+Index: debian-kernel/fs/file.c
+===================================================================
+--- debian-kernel.orig/fs/file.c
++++ debian-kernel/fs/file.c
+@@ -409,6 +409,7 @@ struct files_struct *get_files_struct(st
+
+ return files;
+ }
++EXPORT_SYMBOL_GPL(get_files_struct);
+
+ void put_files_struct(struct files_struct *files)
+ {
+@@ -421,6 +422,7 @@ void put_files_struct(struct files_struc
+ kmem_cache_free(files_cachep, files);
+ }
+ }
++EXPORT_SYMBOL_GPL(put_files_struct);
+
+ void reset_files_struct(struct files_struct *files)
+ {
+@@ -534,6 +536,7 @@ out:
+ spin_unlock(&files->file_lock);
+ return error;
+ }
++EXPORT_SYMBOL_GPL(__alloc_fd);
+
+ static int alloc_fd(unsigned start, unsigned flags)
+ {
+@@ -612,6 +615,7 @@ void __fd_install(struct files_struct *f
+ rcu_assign_pointer(fdt->fd[fd], file);
+ rcu_read_unlock_sched();
+ }
++EXPORT_SYMBOL_GPL(__fd_install);
+
+ void fd_install(unsigned int fd, struct file *file)
+ {
+@@ -676,6 +680,7 @@ out_unlock:
+ *res = NULL;
+ return -ENOENT;
+ }
++EXPORT_SYMBOL(__close_fd_get_file);
+
+ void do_close_on_exec(struct files_struct *files)
+ {
+Index: debian-kernel/kernel/fork.c
+===================================================================
+--- debian-kernel.orig/kernel/fork.c
++++ debian-kernel/kernel/fork.c
+@@ -1131,6 +1131,7 @@ void mmput_async(struct mm_struct *mm)
+ schedule_work(&mm->async_put_work);
+ }
+ }
++EXPORT_SYMBOL_GPL(mmput_async);
+ #endif
+
+ /**
+Index: debian-kernel/kernel/sched/core.c
+===================================================================
+--- debian-kernel.orig/kernel/sched/core.c
++++ debian-kernel/kernel/sched/core.c
+@@ -4667,6 +4667,7 @@ int can_nice(const struct task_struct *p
+ return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
+ capable(CAP_SYS_NICE));
+ }
++EXPORT_SYMBOL_GPL(can_nice);
+
+ #ifdef __ARCH_WANT_SYS_NICE
+
+Index: debian-kernel/kernel/signal.c
+===================================================================
+--- debian-kernel.orig/kernel/signal.c
++++ debian-kernel/kernel/signal.c
+@@ -1396,6 +1396,7 @@ struct sighand_struct *__lock_task_sigha
+
+ return sighand;
+ }
++EXPORT_SYMBOL_GPL(__lock_task_sighand);
+
+ /*
+ * send signal info to all the members of a group
+Index: debian-kernel/kernel/task_work.c
+===================================================================
+--- debian-kernel.orig/kernel/task_work.c
++++ debian-kernel/kernel/task_work.c
+@@ -52,6 +52,7 @@ task_work_add(struct task_struct *task,
+
+ return 0;
+ }
++EXPORT_SYMBOL(task_work_add);
+
+ /**
+ * task_work_cancel - cancel a pending work added by task_work_add()
+Index: debian-kernel/mm/memory.c
+===================================================================
+--- debian-kernel.orig/mm/memory.c
++++ debian-kernel/mm/memory.c
+@@ -1367,6 +1367,7 @@ void zap_page_range(struct vm_area_struc
+ mmu_notifier_invalidate_range_end(&range);
+ tlb_finish_mmu(&tlb, start, range.end);
+ }
++EXPORT_SYMBOL_GPL(zap_page_range);
+
+ /**
+ * zap_page_range_single - remove user pages in a given range
+Index: debian-kernel/mm/shmem.c
+===================================================================
+--- debian-kernel.orig/mm/shmem.c
++++ debian-kernel/mm/shmem.c
+@@ -4158,6 +4158,7 @@ int shmem_zero_setup(struct vm_area_stru
+
+ return 0;
+ }
++EXPORT_SYMBOL_GPL(shmem_zero_setup);
+
+ /**
+ * shmem_read_mapping_page_gfp - read into page cache, using specified page allocation flags.
+Index: debian-kernel/mm/vmalloc.c
+===================================================================
+--- debian-kernel.orig/mm/vmalloc.c
++++ debian-kernel/mm/vmalloc.c
+@@ -1278,6 +1278,7 @@ overflow:
+ kmem_cache_free(vmap_area_cachep, va);
+ return ERR_PTR(-EBUSY);
+ }
++EXPORT_SYMBOL_GPL(map_kernel_range_noflush);
+
+ int register_vmap_purge_notifier(struct notifier_block *nb)
+ {
+@@ -2147,6 +2148,7 @@ struct vm_struct *get_vm_area(unsigned l
+ NUMA_NO_NODE, GFP_KERNEL,
+ __builtin_return_address(0));
+ }
++EXPORT_SYMBOL_GPL(get_vm_area);
+
+ struct vm_struct *get_vm_area_caller(unsigned long size, unsigned long flags,
+ const void *caller)
+Index: debian-kernel/security/security.c
+===================================================================
+--- debian-kernel.orig/security/security.c
++++ debian-kernel/security/security.c
+@@ -725,24 +725,28 @@ int security_binder_set_context_mgr(stru
+ {
+ return call_int_hook(binder_set_context_mgr, 0, mgr);
+ }
++EXPORT_SYMBOL_GPL(security_binder_set_context_mgr);
+
+ int security_binder_transaction(struct task_struct *from,
+ struct task_struct *to)
+ {
+ return call_int_hook(binder_transaction, 0, from, to);
+ }
++EXPORT_SYMBOL_GPL(security_binder_transaction);
+
+ int security_binder_transfer_binder(struct task_struct *from,
+ struct task_struct *to)
+ {
+ return call_int_hook(binder_transfer_binder, 0, from, to);
+ }
++EXPORT_SYMBOL_GPL(security_binder_transfer_binder);
+
+ int security_binder_transfer_file(struct task_struct *from,
+ struct task_struct *to, struct file *file)
+ {
+ return call_int_hook(binder_transfer_file, 0, from, to, file);
+ }
++EXPORT_SYMBOL_GPL(security_binder_transfer_file);
+
+ int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
+ {
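Review bot: Two of the added exports, `EXPORT_SYMBOL(__close_fd_get_file);` in fs/file.c and `EXPORT_SYMBOL(task_work_add);` in kernel/task_work.c, are not GPL-only, unlike every other export in this patch. That makes these internal helpers linkable from non-GPL modules too, which is wider than the stated purpose needs; `EXPORT_SYMBOL_GPL(__close_fd_get_file);` and `EXPORT_SYMBOL_GPL(task_work_add);` would match the rest. Separately, the first mm/vmalloc.c hunk places `EXPORT_SYMBOL_GPL(map_kernel_range_noflush);` after a function that ends with `return ERR_PTR(-EBUSY);` under the `overflow:` label, not after map_kernel_range_noflush itself as the kernel-lts patch does. That hunk looks as if it was refreshed against shifted context, and the export should be moved next to the function it names so the next rebase does not silently keep a stray export.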