Recently I had to install self-signed certificate for Android apps, and the guides I’ve found were either not working or involved rebuilding aliendalvik image.
But after some trial and error I’ve found another way by adding mount entry to LXC config.
For some reason adding single file fails, so you have to replace whole directory.
First, copy your existing certificates to dir with write access, let’s say /home/defaultuser/cacerts
mkdir /home/defaultuser/cacerts
lxc-attach -n aliendalvik /system/bin/sh
cp /system/etc/security/cacerts/* /home/defaultuser/cacerts
Then copy your certificate (that must have name according to http://wiki.cacert.org/FAQ/ImportRootCert#Android_Phones_.26_Tablets) to dir with existing certificates.
Create file /var/lib/lxc/aliendalvik/extra_config
and add following line to it:
lxc.mount.entry = /home/defaultuser/cacerts/ system/etc/security/cacerts/ none bind,optional,create=dir 0 0
Reboot Android support, and your certificate should be among root certificates.
You will have to repeat step 1 if certificates in Android image were updated to get latest versions.