Comment 6 for bug 1944436

Still working out kinks in the above, but here's a simpler one. Needs running in an nspawn container again (steps 1-2 above); should either succeed (no output) or print "function not implemented", but without seccomp support nspawn will block it and it will print "not permitted"

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main()
{
        if(syscall(436, 0, 0, 0)) {
                perror("close_range");
                exit(1);
        }

        exit(0);
}