Traditional MAC systems (e.g. SELinux, STOP/OS) do address this problem, but they are extremely difficult to manage. The primary reason is the complexity of specifying the rules.
For instance, SELinux requires 90,000+ rules by default on a single workstation or server just to get going. Yet if you need to stop an ongoing attack immediately, by revoking the offending user's access privileges, SELinux provides no practical way of doing so without shutting down the entire system, getting the permissions right, and then restarting.
This problem is not limited to SELinux. Pick any modern IPS, IDS, role-based access control system, or mandatory access control system of your choice: they all suffer from a lack of capability, from complexity of implementation, or from both.