`--remap-labels` fails with "permission denied`

**Description**



`--remap-labels` fails with "permission denied`


**Steps to reproduce the issue:**
* Install [fuse-overlayfs](https://github.com/containers/fuse-overlayfs) v1.1.2
* Install AkihiroSuda/containerd-fuse-overlayfs@d86b677ea0f243cb451939e743dfc5815e8cb65c
* Install containerd @ 4bec2dbd4f23be6d3bc034330df72e45eedc1838
* Set up `/etc/containerd/config.toml`
```toml
[proxy_plugins]
  [proxy_plugins."fuse-overlayfs"]
    type = "snapshot"
    address = "/run/containerd/fuse-overlayfs.sock"
```
* Start the daemons
```console
$ sudo containerd
$ sudo containerd-fuse-overlayfs-grpc /run/containerd/fuse-overlayfs.sock /tmp/foo
```
* Run a container with `--uidmap --gidmap --remap-labels`
```console
$ sudo ctr images pull  --snapshotter=fuse-overlayfs docker.io/library/alpine:latest
$ sudo ctr run -t --rm --snapshotter fuse-overlayfs --uidmap 0:5000:65535 --gidmap 0:5000:65535 --remap-labels  docker.io/library/alpine:latest  test
ctr: OCI runtime create failed: container_linux.go:370: starting container process caused: process_linux.go:459: container init caused: rootfs_linux.go:46: preparing rootfs caused: permission denied: unknown

```

**Describe the results you received:**

```console
ctr: OCI runtime create failed: container_linux.go:370: starting container process caused: process_linux.go:459: container init caused: rootfs_linux.go:46: preparing rootfs caused: permission denied: unknown
```




**Describe the results you expected:**
Should work


**Output of `containerd --version`:**

```
containerd github.com/containerd/containerd v1.4.0-beta.2-2-g4bec2dbd 4bec2dbd4f23be6d3bc034330df72e45eedc1838
```

runc: opencontainers/runc@b7d8f3bf0d6d99445302fec26c30f238a9865850

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

`--remap-labels` fails with "permission denied` #4391

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

--remap-labels fails with "permission denied` #4391

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

`--remap-labels` fails with "permission denied` #4391