Comment 5 for bug 2002771

Thanks Michal for verifying,

We went into some debugging and found more as we wondered that the .qcow works fine and the .iso did not. So what is the difference?

We found the behavior depending on how things get added/removed.
TL;DR:
- any form of hot-remove => no restore of permissions
- and proper shutdown while attached => restore permissions

Details:

0. start & shutdown -> restores disk permission
perms: root:root before
virsh start vm1-1
perms: libvirt-qemu:kvm while running
virsh shutdown vm1-1
perms: root:root after

1. insert & eject cdrom -> does not restore permissions
perms: root:root before
virsh start vm1-1
virsh change-media vm1-1 hdb /var/lib/libvirt/images/ubuntu-22.04.2-desktop-amd64.iso --insert
perms: libvirt-qemu:kvm while running
virsh change-media vm1-1 hdb --eject
perms: libvirt-qemu:kvm after

2. hot attach & hot detach disk -> does not restore permissions
perms: root:root before
virsh start vm1-1
virsh attach-device vm1-1 test.xml
perms: libvirt-qemu:kvm while running
virsh detach-device vm1-1 test.xml
perms: libvirt-qemu:kvm after

3. hot attach & shutdown -> does restore permissions
perms: root:root before
virsh start vm1-1
virsh attach-device vm1-1 test.xml
perms: libvirt-qemu:kvm while running
virsh shutdown vm1-1
perms: libvirt-qemu:kvm after

4. insert cdrom & shutdown -> does not restore permissions
perms: root:root before
virsh start vm1-1
virsh change-media vm1-1 hdb /var/lib/libvirt/images/ubuntu-22.04.2-desktop-amd64.iso --insert
perms: libvirt-qemu:kvm while running
virsh shutdown vm1-1
perms: root:root before

From here:
1. please get a larger testbed based on >=jammy (to not hunt old issues) or even mantic to have debuginfod for source
2. Please debug #1 and #2 as they should be the most simple cases.
   2.1 Find in either logs [1] why/what it is doing
   2.2 If that isn't sufficient debug with gdb

[1]: https://libvirt.org/kbase/debuglogs.html