It's possible to configure the Paths to expose to isolated jobs list in the UI. The docs refer to this setting in two places:

• https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html-single/configuring_automation_execution/index#controller-configure-jobs
• https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html-single/using_automation_execution/index#ref-controller-isolation-functionality

The docs are a bit misleading in suggesting that the only supported entries are of the form HOST-DIR[:CONTAINER-DIR[:OPTIONS]]. Users that are familiar with podman and bind mounts are also apt to try and mount one single file from the host into the execution environment. Something like:

/tmp/dummy.txt:/tmp/dummy.txt
/tmp/dummy.txt:/tmp/

But if they do this, ansible-runner in fact strips off the filename and would just bind mount the whole host directory into the execution environment. This could be considered a security problem since that directory may contain files that should not be mounted in the EE.

I'm requesting a change to the docs to make users aware of this behavior. Something like:

"Note: If a path to a specific file is entered, then the whole directory containing that will be mounted inside the execution environment."