SELinux (http://www.nsa.gov/selinux/)

- Combines type enforcement (own process domain) & role-based access control
- Uses the Flask architecture (Object Manager <---AVC---> Security Server)
- Interface well defined
- More complex to implement
- Will be in 2.5 via LSM (Linux Security Module)

Type Enforcement with insmod:

    allow sysadm_t insmod_exec_t:file x_file_perms;
    allow sysadm_t insmod_t:process transition;
    allow insmod_t insmod_exec_t:process { entrypoint execute };
    allow insmod_t sysadm_t:fd inherit_fd_perms;
    allow insmod_t self:capability sys_module;
    allow insmod_t sysadm_t:process sigchld;