Skip to content

Pantavisor Configuration

This reference is for advanced users. Before manually editing these values in your config, check if what you intend to do can be achieved through one of the build options.

There are four ways to tweak Pantavisor configuration, depending on when it can be modified: at compile time, at boot up time, after an update or during runtime. Bear in mind that each level in this list will overwrite whatever is configured in the previous ones.

At compile time

You can take a look at the default configuration files we use to build our supported platforms here.


Key Value Default Description
policy string without '/' character empty set configuration policy
cache.usrmetadir path /storage/cache/meta set persistent user metadata dir
cache.devmetadir path /storage/cache/devmeta set persistent device metadata dir
system.apparmor.profiles comma-separated list of profile names empty list of AppArmor profiles to be loaded during early init
system.init.mode embedded, standalone or appengine embedded Pantavisor init mode
system.libdir path /lib set lib path
system.etcdir path /etc set etc path
system.rundir path /pv set run path
system.mediadir path /media set media path
system.confdir path /configs set config path 0 or 1 0 load all modules and firmware during early init
system.mount.securityfs 0 or 1 0 mount /sys/kernel/security during early init 0 or 1 1 enable debug shell 0 or 1 0 always prompt debug shell without having to press any key
debug.ssh 0 or 1 1 enable debug ssh server
debug.ssh_authorized_keys path or "default" /pv/user-meta/pvr-sdk.authorized_keys path where to find ssh server keys
dropbear.cache.dir path /storage/cache/dropbear set dropbear cache path
bootloader.type uboot, uboot-pvk or grub uboot set type of bootloader
bootloader.mtd_only 0 or 1 0 enable MTD
bootloader.mtd_env path N/A set MTD path
libthttp.certsdir path "/certs" set libthttp certificates path
secureboot.mode disabled, audit, lenient or strict lenient set secureboot severity level
secureboot.truststore string ca-certificates set truststore name to use to validate pvs signatures
secureboot.checksum 0 or 1 1 enable artifacts checksum validation
secureboot.handlers 0 or 1 1 enable the use of volume handlers
storage.device LABEL=XXXX, UUID=XXXX or string N/A (mandatory) set Pantavisor storage device using a partition label, UUID or /dev/ name
storage.fstype ext4, ubifs or jffs2 N/A (mandatory) journaling file system
storage.opts N/A N/A not implemented
storage.mntpoint path N/A (mandatory) set pv mount point
storage.mnttype ext4 disabled pv mount file system
storage.logtempsize size disabled sets the size of memory dedicated for log storage. The size may have a k, m or g suffix or a % suffix for percentage of memory
storage.wait integer 5 wait for storage to be available
storage.gc.reserved integer 5 garbage collector will try to always keep this percentage of disk free
storage.gc.keep_factory 0 or 1 0 avoid deletion of revision 0 objects by the garbage collector
storage.gc.threshold integer 0 garbage collector will be triggered if there is less than this percentage of disk free. 0 means it will just be run when an update needs more space than available
storage.gc.threshold.defertime integer 600 time in seconds the garbage collector threshold will be deferred after a new object has been put from the pvctrl objects endpoint
disk.voldir path /volumes set volumes path
updater.goals.timeout integer 120 time in seconds that Pantavisor will wait for a container to achieve its status goal
updater.use_tmp_objects 0 or 1 0 download objects in an on-disk temporary location. If disabled, objects will be stored in memory while downloading
updater.commit.delay integer 25 testing time in seconds after an update
revision.retries integer 10 max number of update retries before rollback
revision.retries.timeout integer 120 set time in seconds before a failed update is retired
wdt.enabled 0 or 1 1 DEPRECATED: use wdt.mode instead
wdt.mode disabled, shutdown, startup or always (experimental) shutdown watchdog mode
wdt.timeout integer 15 set reset timeout in seconds for kernel watchdog
net.brdev string lxcbr0 container bridge name
net.braddress4 ip container bridge address
net.brmask4 ip container bridge mask address
log.dir path /storage/logs/ set log storage path
log.server.outputs comma-sepated list of the following values: filetree, singlefile, stdout, stdout.pantavisor, stdout.containers, stdout_direct and nullsink filetree defines output of Log Server
log.maxsize integer 2097152 B (2 MB) max size of a stored log file before compressing the logs
log.level 0 (FATAL), 1 (ERROR), 2 (WARN), 3 (INFO), 4 (DEBUG) or 5 (ALL) 0 Pantavisor log verbosity level
log.buf_nitems integer 128 KB log buffer size in memory
log.capture 0 or 1 1 activate Log Server
log.capture.dmesg 0 or 1 0 pump dmesg into Log Server
log.loggers 0 or 1 1 disable loggers
log.filetree.timestamp.format golang:constant or strftime:format empty set the timestamp format for the filetree log output
log.singlefile.timestamp.format golang:constant or strftime:format empty set the timestamp format for the singlefile log output
log.stdout.timestamp.format golang:constant or strftime:format empty set the timestamp format for the stdout log output
log.stdout 0 or 1 0 DEPRECATED: use log.server.outputs instead
libthttp.log.level 0 (FATAL), 1 (ERROR), 2 (WARN), 3 (INFO), 4 (DEBUG) or 5 (ALL) 3 libthttp log verbosity level
lxc.log.level integer 2 0 to 8 lxc log verbosity level
control.remote 0 or 1 1 enable all communication with Pantacor Hub
control.remote.always 0 or 1 0 enable all communication with Pantacor Hub even if a local revision is installed
sysctl.* value empty configure /proc/sys hierarchy with sysctl.conf format. See sysctl.conf(5) man page

Example of pantavisor.config:



Key Value Default Description
creds.type builtin and ext-* builtin set type of authentication ip Pantacor Hub IP
creds.port port 12365 Pantacor Hub port proxy host NULL Proxy Host (if enabled)
creds.proxy.port proxy port 3128 Proxy Port
creds.proxy.noproxyconnect int 0 Disable Proxyconnect protocol (basic http proxy for TLS) string unset (set after claim) device id
creds.prn string unset (set after claim) device prn
creds.secret string unset (set after claim) device secret
creds.tpm.key string disabled TMP key
creds.tpm.cert string disabled TMP certificate
factory.autotok string disabled token for auto claiming
updater.interval integer 60 time between Pantacor Hub update requests
updater.network_timeout integer 120 wait time in seconds before rollback if device does not get network connectivity
log.push 0 or 1 1 push stored logs to cloud
metadata.devmeta.interval integer 10 time between Pantacor Hub devive metadata requests
metadata.usrmeta.interval integer 5 time between Pantacor Hub user metadata requests

Example of pantahub.config:


At boot up time

There are two options here: using cmdline and policies. Inside of the boot up time options we also have a hierarchy, making cmdline override policies.

Using cmdline

The values from the previous sections can be overriden at boot up time, just writing the key=value pair in /proc/cmdline with a prefix before the key. This is tipically done from the bootloader menu.

Any key from pantavisor.config can be overriden appending the pv_ prefix to the key, while any pantahub.config can do the same with the ph_ prefix.

Example of cmdline configuration:

pv_log.logger=0 ph_log.push=0


When using any of the stdout outputs pv_log.server.outputs=stdout | stdout.pantavisor | stdout.containers, you can also pass ignore_loglevel and printk.devkmsg=on to kernel through cmdline to make all messages go to console

Using policies

Policies can be added to the platform vendor repo. To set a policy, we use the policy key or the pv_policy in case cmdline is used.

A policy is just a file with the same format as pantavisor.config that is added as an addiitonal layer during boot up time. All keys are allowed except the following ones:

  • policy
  • system.init.mode
  • cache.usrmetadir
  • cache.devmetadir
  • system.libdir
  • system.etcdir
  • system.rundir
  • system.mediadir
  • system.confdir

After an update

Some of the values from the previous sections can be overridden when making a new revision. To do so, you must create a new file, following the same format we use for compile time configuration and reference it from bsp/run.json.

These are the keys that are accepted at this level of configuration. See the compile time section for reference:

  • creds.proxy.port
  • creds.proxy.noproxyconnect
  • storage.gc.reserved
  • storage.gc.keep_factory
  • storage.gc.threshold
  • storage.gc.threshold.defertime
  • updater.goals.timeout
  • updater.use_tmp_objects
  • updater.keep_factory
  • updater.interval
  • updater.network_timeout
  • updater.commit.delay
  • revision.retries
  • revision.retries.timeout
  • log.maxsize
  • log.level
  • log.buf_nitems
  • log.push
  • log.capture
  • log.loggers
  • log.stdout
  • log.server.outputs
  • log.capture.dmesg
  • log.filetree.timestamp.format
  • log.singlefile.timestamp.format
  • log.stdout.timestamp.format
  • libthttp.log.level
  • lxc.log.level
  • metadata.devmeta.interval
  • metadata.usrmeta.interval
  • wdt.enabled
  • wdt.mode
  • wdt.timeout

For example, this is how this file would look like if we wanted to overwrite the log level and the garbage collector threshold:


During runtime

User Metadata


If the user metadata volume is assigned to a permanent volume, these changes will persist over device reboots.

User metadata can be used to override the values from the previous sections.

These are the keys that can be overrriden from user metadata configuration. See the compile time section for reference on them:

  • debug.ssh
  • storage.gc.reserved
  • storage.gc.keep_factory
  • storage.gc.threshold
  • storage.gc.threshold.defertime
  • updater.interval
  • log.level
  • log.push
  • libthttp.log.level
  • metadata.devmeta.interval
  • metadata.usrmeta.interval

Pantavisor Control Socket


The configuration changes made by this method are volatile and thus will not persist after a device reboot. In that case, the value will fallback to the previously presented highest configuration level.

In this case, there is only one possible value that can be overridden by Pantavisor Commands. See the compile time section for reference:

  • debug.ssh