Comment 9 for bug 1944436

This causes an issue when using glib's gspawn APIs under libseccomp on impish. It uses close_range to set CLOEXEC on some open file descriptors and rightfully checks for ENOSYS. However, since seccomp doesn't know about the syscall that becomes EPERM and it skips setting CLOEXEC assuming there was a legit error in close_range. Eventually this means that the process run by gspawn hangs because nothing is closing the file descriptor as expected.

Debian has been shipping this backported to bullseye for a while - https://salsa.debian.org/debian/libseccomp/-/blob/debian/bullseye/debian/patches/syscalls_add_close_range_syscall.patch.