CLOS-3846: Document cagefsctl --enable/disable-cagefs-no-dev-log commands

Add the two new cagefsctl commands to the CLI reference table and
update the CageFS Syslog section with usage instructions for the
cagefs-no-dev-log feature flag.

Author: Andrei Zheregelia

docs/cloudlinuxos/cloudlinux_os_components/README.md

@@ -2919,17 +2919,42 @@ add <span class="notranslate"> `clean_user_php_sessions=false` line to _/etc/sys
 #### Syslog
 
 
-By default, <span class="notranslate"> _/dev/log_ </span> should be available inside end user's <span class="notranslate"> CageFS </span> . This is needed so that user's cronjobs and other things that user <span class="notranslate"> _dev/log_ </span> would get recorded in the system log files.
+By default, <span class="notranslate"> _/dev/log_ </span> should be available inside end user's <span class="notranslate"> CageFS </span> . This is needed so that user's cronjobs and other things that use <span class="notranslate"> _/dev/log_ </span> would get recorded in the system log files.
+
+##### Disabling /dev/log in CageFS
+
+To disable <span class="notranslate"> _/dev/log_ </span> inside CageFS (for example, to reduce the attack surface), use the <span class="notranslate"> `cagefs-no-dev-log` </span> feature flag:
+
+<div class="notranslate">
+
+```
+cagefsctl --enable-cagefs-no-dev-log
+```
+</div>
+
+This command removes <span class="notranslate"> _/dev/log_ </span> from the CageFS skeleton, updates the syslog configuration, and remounts all CageFS users. User processes inside CageFS will no longer be able to write to the system log via <span class="notranslate"> _/dev/log_ </span>.
+
+To restore <span class="notranslate"> _/dev/log_ </span> in CageFS:
+
+<div class="notranslate">
+
+```
+cagefsctl --disable-cagefs-no-dev-log
+```
+</div>
+
+:::tip Note
+On systems using <span class="notranslate"> rsyslog </span>, the syslog socket is controlled via the file <span class="notranslate"> _/etc/rsyslog.d/schroot.conf_ </span> with the following content:
 
-This is controlled using file <span class="notranslate"> _/etc/rsyslog.d/schroot.conf_ </span> with the following content:
 <div class="notranslate">
 
 ```
 $AddUnixListenSocket /usr/share/cagefs-skeleton/dev/log
 ```
 </div>
 
-To remove presence of <span class="notranslate"> _dev/log_ </span> inside CageFS, remove that file, and restart rsyslog service.
+The <span class="notranslate"> `--enable-cagefs-no-dev-log` </span> and <span class="notranslate"> `--disable-cagefs-no-dev-log` </span> commands manage this configuration automatically. Manual editing of rsyslog configuration is no longer necessary.
+:::
 
 
 #### Excluding mount points

docs/cloudlinuxos/command-line_tools/README.md

@@ -50,6 +50,8 @@ Options:
 | | <span class="notranslate"> --force-update </span> |force update of CageFS (ignore period of update)|
 | | <span class="notranslate"> --force-update-etc </span> |force update of _/etc_ directories for users in CageFS|
 | | <span class="notranslate"> --reconfigure-cagefs </span> |configure CageFS integration with other software (control panels, database servers, etc)|
+| | <span class="notranslate"> --enable-cagefs-no-dev-log </span> |stop creating <span class="notranslate"> _/dev/log_ </span> inside CageFS skeleton and remount all users (see [Syslog](/cloudlinuxos/cloudlinux_os_components/#syslog))|
+| | <span class="notranslate"> --disable-cagefs-no-dev-log </span> |restore <span class="notranslate"> _/dev/log_ </span> inside CageFS skeleton and remount all users (see [Syslog](/cloudlinuxos/cloudlinux_os_components/#syslog))|
 
 Use the following syntax to manage users:    
 <span class="notranslate"> `/usr/sbin/cagefsctl [OPTIONS] username [more usernames]` </span>