Add new "SB" column to services widget showing systemd sandboxing status.
Service status now reflects security posture with unsandboxed services
showing as degraded/warning status.

Changes:
- Add is_sandboxed field to ServiceData and ServiceInfo structs
- Add check_service_sandbox method detecting systemd hardening features
- Add format_sandbox_value function showing "yes"/"no" for sandboxing
- Update service status determination to consider sandbox status:
  - Sandboxed + Running = "Running" (green/ok)
  - Unsandboxed + Running = "Degraded" (yellow/warning)
  - Failed services = "Stopped" (red/critical)
- Add "SB" column header to services widget

Services without proper NixOS hardening (PrivateTmp, ProtectSystem, etc.)
now show warning status to highlight security concerns.
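
The status mapping described above, as an added example that is not the project's own code: it classifies a unit from `systemctl show`-style `Key=Value` output. The function names, the rule that both `PrivateTmp` and `ProtectSystem` must be set, and the handling of non-active states are assumptions; the sample outputs are constructed.

```rust
use std::collections::HashMap;

/// Status values named in the commit message.
#[derive(Debug, PartialEq)]
pub enum Status { Running, Degraded, Stopped }

/// Parse the `Key=Value` lines printed by `systemctl show <unit> -p ...`.
fn parse_props(out: &str) -> HashMap<&str, &str> {
    out.lines().filter_map(|l| l.trim().split_once('=')).collect()
}

/// A hardening property counts as set when present and not "no"
/// (ProtectSystem can also report "full" or "strict").
fn enabled(p: &HashMap<&str, &str>, key: &str) -> bool {
    matches!(p.get(key).copied(), Some(v) if v != "no" && !v.is_empty())
}

/// Assumed rule (not from the commit): both properties the message names
/// must be set. A missing property counts as unsandboxed.
pub fn is_sandboxed(p: &HashMap<&str, &str>) -> bool {
    enabled(p, "PrivateTmp") && enabled(p, "ProtectSystem")
}

/// Returns the status and the "SB" cell text ("yes"/"no").
pub fn classify(out: &str) -> (Status, &'static str) {
    let p = parse_props(out);
    let sb = is_sandboxed(&p);
    let status = match p.get("ActiveState").copied() {
        Some("active") if sb => Status::Running,
        Some("active") => Status::Degraded,
        // Assumption: every non-active state is shown like a failed service.
        _ => Status::Stopped,
    };
    (status, if sb { "yes" } else { "no" })
}

fn main() {
    // Constructed sample output, not captured from a real host.
    let samples = [
        ("hardened.service", "ActiveState=active\nPrivateTmp=yes\nProtectSystem=strict\n"),
        ("plain.service", "ActiveState=active\nPrivateTmp=no\nProtectSystem=no\n"),
        ("broken.service", "ActiveState=failed\nPrivateTmp=yes\nProtectSystem=full\n"),
    ];
    for (unit, out) in samples {
        println!("{unit:<18} {:?}", classify(out));
    }
}
```

Because a missing property is treated as unsandboxed, a unit whose properties could not be read shows as "Degraded" rather than "Running".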