From a5b888c19393ba136a925d1e4ef9e170b037fcc3 Mon Sep 17 00:00:00 2001
From: Shane McDonald <me@shanemcd.com>
Date: Tue, 1 Mar 2022 08:55:25 -0500
Subject: [PATCH] Add default container mounts to AWX_ISOLATION_SHOW_PATHS

---
 awx/main/tests/functional/api/test_settings.py | 5 ++++-
 awx/settings/defaults.py                       | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/awx/main/tests/functional/api/test_settings.py b/awx/main/tests/functional/api/test_settings.py
index a1ae7398a5..0e9bf08297 100644
--- a/awx/main/tests/functional/api/test_settings.py
+++ b/awx/main/tests/functional/api/test_settings.py
@@ -38,7 +38,10 @@ def test_jobs_settings(get, put, patch, delete, admin):
     data.pop('AWX_ANSIBLE_CALLBACK_PLUGINS')
     put(url, user=admin, data=data, expect=200)
     response = get(url, user=admin, expect=200)
-    assert response.data['AWX_ISOLATION_SHOW_PATHS'] == []
+    assert response.data['AWX_ISOLATION_SHOW_PATHS'] == [
+        '/etc/pki/ca-trust:/etc/pki/ca-trust:O',
+        '/usr/share/pki:/usr/share/pki:O',
+    ]
     assert response.data['AWX_ANSIBLE_CALLBACK_PLUGINS'] == []
 
 
diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py
index bc3c2549c3..ef3999a0fd 100644
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -589,7 +589,10 @@ GALAXY_IGNORE_CERTS = False
 
 # Additional paths to show for jobs using process isolation.
 # Note: This setting may be overridden by database settings.
-AWX_ISOLATION_SHOW_PATHS = []
+AWX_ISOLATION_SHOW_PATHS = [
+    '/etc/pki/ca-trust:/etc/pki/ca-trust:O',
+    '/usr/share/pki:/usr/share/pki:O',
+]
 
 # The directory in which the service will create new temporary directories for job
 # execution and isolation (such as credential files and custom