Comment 13 for bug 1784001

Christian Ehrhardt (paelzer) wrote:

Hi Mohd,
most of that is the default and the rest could IMHO cause more trouble than help.
In detail:
1. dynamic_ownership, remember_owner, swtpm_user, swtpm_group are already set by default to the values you suggested.
2. setting user/owner sets the user/group for the QEMU processes run by system instances. This is by default libvirt-qemu:kvm; among other reasons, one of them is to ensure that a guest that might be exploited only directly reaches permissions/capabilities that are not too wide-reaching.

As we have split before, this actually consists of two bugs.
1. using an iso file as downloaded should work in a guest (it does) - bug 2002773
2. restoring file ownership after execution isn't always working - bug 2002771

Yes, you might mitigate the second bug by just executing as the user you want your files to be owned by. Because then, if they fail to restore back, they will be what you want, but as outlined above there are concerns in regard to security - and on a multi-user system a single user/group there also isn't very helpful.

Just recently we were able to understand in bug 2002771 why this sometimes worked and sometimes did not (depends on use case and how things are attached/detached) which eluded further debugging for a long time.