I would love for some sort of consistent, always available, unprivileged, user-space, fine-grained security framework to materialize. Right now sandboxing code is only looked at as meaning either virtual machines, or virtualized machines. Some of us still think that should mean "operating systems". Resource limits, file system permissions, user accounts, and process privileges come so very close. There just needs to be that last feature set. There was even that X11 sandboxing program from a while back (what was that?).