I'm trying to create a local website that allows me to decrypt a file, mount its contained filesystem and start a systemd service without accessing the console. The started service then uses the files within the mounted filesystem. The webserver currently runs my python code via cgi to serve a simple website to decrypt and mount that filesystem. I made exceptions in the sudoers file for the www-data user to execute certain commands that I call in python.
When I decrypt the file using this website (which calls cryptsetup luksOpen) the decrypted device appears as expected:
> file /dev/mapper/service-volume
/dev/mapper/service-volume: symbolic link to ../dm-0
But when my python code tries to mount this service-volume it is only mounted within the apache worker process, unavailable for my shell or other processes (XXX is the PID of the apache worker process):
> mountpoint /mnt/service-folder
/mnt/service-folder is not a mountpoint
> cat /proc/XXX/mounts
...
/dev/mapper/service-volume /mnt/service-folder ext4 rw,relatime 0 0
The mount operation executed is sudo /bin/mount /dev/mapper/service-volume /mnt/service-folder with Python's subprocess.run().
So my questions are: What is happening there? Is this some namespace/cgroups magic? And how can this folder be mounted for another service/process other than apache itself?
Additional information:
The service-folder exists (without the mounted filesystem):
> ls -la /mnt/service-folder
total 8
drwxr-xr-x 2 root root 4096 Jan 23 21:25 .
drwxr-xr-x 4 root root 4096 Jan 23 21:25 ..
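One way to check for the namespace split the question describes, as an added example that is not part of the original post: compare a process's mount namespace identity with that of PID 1, and look a path up in that process's /proc/<pid>/mounts. It assumes a Linux /proc; the mounts listing embedded below is a constructed sample modelled on the output above.

```shell
#!/bin/sh
# Added diagnostic (not from the original question): does PID $1 share the
# mount namespace of PID 1, and does it see a given path as a mountpoint?

# mount_ns_id PID -> prints the mount-namespace identity (e.g. mnt:[4026531840])
mount_ns_id() {
    readlink "/proc/$1/ns/mnt"
}

# same_mount_ns PID -> succeeds when PID and PID 1 share one mount namespace
same_mount_ns() {
    [ "$(mount_ns_id "$1")" = "$(mount_ns_id 1)" ]
}

# mounted_in MOUNTS_TEXT PATH -> prints the source device when PATH is a mount
# point in the given /proc/<pid>/mounts text, otherwise fails. Field 1 is the
# source, field 2 the mount point; octal escapes such as \040 are not decoded.
mounted_in() {
    printf '%s\n' "$1" | awk -v p="$2" '$2 == p { print $1; found = 1 } END { exit !found }'
}

# Constructed sample resembling the /proc/XXX/mounts output in the question.
SAMPLE_MOUNTS='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 / ext4 rw,relatime 0 0
/dev/mapper/service-volume /mnt/service-folder ext4 rw,relatime 0 0'

# report PID PATH -> summary of what PID sees, for the operator
report() {
    pid=$1; path=$2
    if same_mount_ns "$pid"; then
        echo "PID $pid shares the mount namespace of PID 1"
    else
        echo "PID $pid has its own mount namespace: $(mount_ns_id "$pid") vs $(mount_ns_id 1)"
    fi
    if dev=$(mounted_in "$(cat "/proc/$pid/mounts")" "$path"); then
        echo "$path is mounted from $dev as seen by PID $pid"
    else
        echo "$path is not a mountpoint as seen by PID $pid"
    fi
}

# Usage: ./mountns-check.sh <apache worker PID> /mnt/service-folder
if [ "$#" -eq 2 ]; then
    report "$1" "$2"
fi
```

Reading another process's ns links requires the same privileges as ptrace on it, so run the check as root when inspecting the apache worker.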