---
id: 83f90a8e-b4a9-4858-a273-c17dd680f3a9
type: solution
title: "Proxmox API token cannot set LXC feature flags on privileged containers"
tags: [proxmox, api, lxc, permissions, homelab, fix]
importance: 0.7
confidence: 0.8
created: "2026-02-08T04:17:39.644059+00:00"
updated: "2026-02-08T04:17:39.644059+00:00"
relations:
  - target: 384eebbd-a2fd-41a5-93aa-a0f8c332686d
    type: BUILDS_ON
    direction: incoming
    strength: 0.5
---

The Proxmox API token (even root@pam\!tokenname) cannot set feature flags like nesting=1,keyctl=1 on privileged LXC containers. Error: '403 Forbidden: Permission check failed (changing feature flags for privileged container is only allowed for root@pam)'. Workaround: Use SSH to Proxmox host and run pct create directly instead of the API. The pct CLI running as root@pam has full permissions. This affects the proxmox_client.py create_container method when passing features parameter.