Grsecurity is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening features. It is designed to be easy to use, highly configurable, and streamlined for performance. Grsecurity is a set of patches to the Linux kernel that provide an array of security features, including address space protection, enhanced auditing, and restrictions on privileged system calls. It also implements a variety of access control models, such as role-based access control, mandatory access control, and fine-grained control over system calls, user IDs, and process capabilities. Grsecurity also includes support for application security, such as stack protection, a non-executable stack, and buffer overflow protection.
Qubes OS
CLIP OS
SELinux
AppArmor
While there is no substitute for grsecurity, at least qubes can separate things, while grsecurity can prevent at the kernel level, which is the highest. Qubes OS security relies on awareness, the weakest link in security where the human factor is the factor. Qubes relies on several template distributions, it can't stop the attack like grsecurity does but it can separate which application vm (appvm) to use, instead of mixing everything in one place.