diff --git a/test/PLAN.md b/test/PLAN.md
index 4fdbf9d..a94e1b9 100644
--- a/test/PLAN.md
+++ b/test/PLAN.md
@@ -21,15 +21,20 @@ Requires root (`fanotify` FID reporting and `mount` both need `CAP_SYS_ADMIN`).
 
 ## Setup
 
-1. Create a temporary image file (`mktemp`)
-2. `dd` 10M of zeros into it
+1. Create a temporary image file (`mktemp /tmp/fa2json-test-XXXXXX.img`)
+2. `truncate -s 10M` the image (sparse file, no need for `dd`)
 3. `mkfs.ext4` the image
-4. `losetup --find --show` to attach it as a loop device
-5. `mount` the loop device to a temporary directory (`mktemp -d`)
-6. Spawn `fa2json <mountpoint>` as a child process
-7. Attach a `readline` interface to its stdout; parse each line as JSON and
+4. Create a temporary mount directory (`mktemp -d /tmp/fa2json-mnt-XXXXXX`)
+5. `sudo mount <img> <mntdir>` (no `losetup` needed — `mount` accepts image files directly)
+6. `sudo chown $(id -u) <mntdir>` to hand ownership to the current user
+7. `sync` to flush before fa2json starts listening
+8. `sudo` spawn `fa2json <mountpoint>` as a child process (needs `CAP_SYS_ADMIN`)
+9. Attach a `readline` interface to its stdout; parse each line as JSON and
    push into an event buffer
 
+Steps 6 and 7 ensure the `chown` event never enters the fa2json stream, and
+all subsequent FS operations run unprivileged.
+
 ---
 
 ## Teardown
@@ -37,10 +42,9 @@ Requires root (`fanotify` FID reporting and `mount` both need `CAP_SYS_ADMIN`).
 Runs unconditionally in a `finally` block:
 
 1. Kill the `fa2json` child process
-2. `umount <mountpoint>`
-3. `losetup -d <loopdev>`
-4. `rm` the image file
-5. `rmdir` the mount directory
+2. `sudo umount <mountpoint>`
+3. `rm` the image file
+4. `rmdir` the mount directory
 
 ---