Podman: Rootless --cpus results in Permission Denied

Created on 7 Oct 2020 · 19 Comments · Source: containers/podman

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description
Executing a simple podman run -it --rm -p 9000:9000 --memory 1G --cpus 1 localhost/bench-camel:latest results in

Error: opening file `cpu.max` for writing: Permission denied: OCI runtime permission denied error

Executing under sudo works correctly.

This issue seemed related to https://github.com/containers/crun/issues/489 but if I remove the --cpus flag the memory limit is applied correctly, so it's something specific to cpus.

Steps to reproduce the issue:

  1. Trying to limit cpus with --cpus

Describe the results you received:
Permissions denied error

Describe the results you expected:
Successfully limit cpus

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

Version:      2.1.1
API Version:  2.0.0
Go Version:   go1.14.9
Built:        Wed Sep 30 14:31:11 2020
OS/Arch:      linux/amd64

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.16.1
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.0.21-2.fc32.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.21, commit: 81d18b6c3ffc266abdef7ca94c1450e669a6a388'
  cpus: 8
  distribution:
    distribution: fedora
    version: "32"
  eventLogger: journald
  hostname: jam01.jam01
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.8.12-200.fc32.x86_64
  linkmode: dynamic
  memFree: 1624256512
  memTotal: 16672882688
  ociRuntime:
    name: crun
    package: crun-0.15-5.fc32.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 0.15
      commit: 56ca95e61639510c7dbd39ff512f80f626404969
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  rootless: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.4-1.fc32.x86_64
    version: |-
      slirp4netns version 1.1.4
      commit: b66ffa8e262507e37fca689822d23430f3357fe8
      libslirp: 4.3.1
      SLIRP_CONFIG_VERSION_MAX: 2
  swapFree: 8246571008
  swapTotal: 8350855168
  uptime: 112h 5m 29.99s (Approximately 4.67 days)
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - registry.centos.org
  - docker.io
  - registry.redhat.io
store:
  configFile: /home/jam01/.config/containers/storage.conf
  containerStore:
    number: 5
    paused: 0
    running: 0
    stopped: 5
  graphDriverName: vfs
  graphOptions: {}
  graphRoot: /home/jam01/.local/share/containers/storage
  graphStatus: {}
  imageStore:
    number: 12
  runRoot: /run/user/1000/run
  volumePath: /home/jam01/.local/share/containers/storage/volumes
version:
  APIVersion: 2.0.0
  Built: 1601494271
  BuiltTime: Wed Sep 30 14:31:11 2020
  GitCommit: ""
  GoVersion: go1.14.9
  OsArch: linux/amd64
  Version: 2.1.1

Package info (e.g. output of rpm -q podman or apt list podman):

podman-2.1.1-7.fc32.x86_64

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?

No, and yes.

Additional environment details (AWS, VirtualBox, physical, etc.):
na

Labels: kind/bug, kind/documentation, stale-issue

All 19 comments

@giuseppe PTAL
I think this might be something to do with systemd setup of cgroups?

I have verified this on my system as well.
$ podman run --rm --cpus 1 alpine echo hello
Error: opening file cpu.max for writing: Permission denied: OCI runtime permission denied error

the cpu controller is not enabled by default for unprivileged users.

To verify it, try running $ cat /sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/cgroup.controllers. What is the output?

Try creating a file /etc/systemd/system/user@.service.d/delegate.conf with the content:

[Service]
Delegate=memory pids cpu io

and restart your user session
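The check above can be scripted so it does not depend on reading the path by eye. The script below is an added example, not code from the issue or from the podman project: it derives the cgroup.controllers path for a given uid from the layout quoted in the comment, reports which of the controllers podman's --cpus/--memory/--pids/io limits need are missing from the delegated set, and prints the drop-in from the comment as the fix. The function names, the default required set (cpu memory pids io) and the `check` argument are this example's own choices; the `systemctl daemon-reload` step is standard systemd practice for any new drop-in and is not mentioned in the thread.

```shell
#!/bin/sh
# Added example: check cgroup v2 controller delegation for a rootless podman user.
# Not from the podman issue or project. Paths follow the layout quoted in the thread.

# controllers_path [uid]: cgroup.controllers of the user's systemd user service.
controllers_path() {
    uid="${1:-$(id -u)}"
    printf '/sys/fs/cgroup/user.slice/user-%s.slice/user@%s.service/cgroup.controllers\n' \
        "$uid" "$uid"
}

# missing_controllers "<enabled controllers>" ["<required controllers>"]
# Prints the required controllers that are not in the enabled set (space
# separated, one line) and returns 0 only when nothing is missing.
missing_controllers() {
    enabled="$1"
    required="${2:-cpu memory pids io}"   # what rootless resource limits need
    missing=""
    for c in $required; do
        case " $enabled " in
            *" $c "*) ;;                  # controller is delegated
            *) missing="$missing $c" ;;
        esac
    done
    missing="${missing# }"
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# check_delegation [uid]: read the live file and report; exit code
# 0 = all delegated, 1 = something missing, 2 = file not readable.
check_delegation() {
    f=$(controllers_path "$1")
    if [ ! -r "$f" ]; then
        echo "cannot read $f (cgroup v1 host, or no systemd user session?)" >&2
        return 2
    fi
    enabled=$(cat "$f")
    echo "enabled controllers: $enabled"
    if m=$(missing_controllers "$enabled"); then
        echo "all required controllers delegated; rootless --cpus should work"
        return 0
    fi
    echo "not delegated: $m"
    echo "fix: create /etc/systemd/system/user@.service.d/delegate.conf containing"
    printf '  [Service]\n  Delegate=memory pids cpu io\n'
    echo "then run 'sudo systemctl daemon-reload' and restart the user session"
    return 1
}

# Usage: sh delegate-check.sh check [uid]
case "${1:-}" in
    check) check_delegation "${2:-}" ;;
esac
```

On the reporter's Fedora 32 host the expected output before the fix is something like `enabled controllers: memory pids` followed by `not delegated: cpu io`, which matches the `cpu.max` permission error: crun can write memory.max but the cpu controller is not in the delegated set.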
