
Yes, the operating system is the correct place to enforce capabilities.

The problem with this is that no mainstream OS does this correctly, which means that correctly doing security requires writing a new OS and getting all the userspace programs ported over to it (which is a non-trivial port, because the programming model for capabilities is pretty significantly different from mainstream OSes). It's very hard to convince users to ditch their entire computing ecosystem for a new one unless all of their devices get pwned and they can't access their computing ecosystem anyway.




I'm convinced the way this will be done is to take a capabilities-based OS, and tack on an emulation layer to allow Windows or Linux binaries to run, and only let them see the things that the user has decided they need to see, by emulating the dialog boxes to the app, and then transparently enforcing those choices. Thus a copy of a Windows text editor could run, and ONLY get access to the file the user chooses, without having to rewrite anything.

The crux of the issue is command line programs... I'm not sure how to deal with those, but I suspect it'll be an outer job control language.
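The "emulate the dialog box, then enforce the choice" idea above is the powerbox pattern. As an added illustration (not code from the thread, and a model of the pattern rather than a real sandbox), the shim below holds all file authority: the app sees an emulated open dialog and an emulated open(), and open() is honoured only for the path the user just picked. The app, the dialog callback and the two sample files are constructed for the demo.

```python
import os
import tempfile


class CapabilityShim:
    """Emulation layer between an unmodified app and a capability OS.

    The shim owns every file descriptor.  The app only ever receives a
    path from the emulated dialog, and the emulated open() serves that
    path alone, so the app gets no ambient authority over the filesystem.
    Enforcement here is by construction in Python, not by the OS.
    """

    def __init__(self, ask_user):
        self._ask_user = ask_user   # callable(prompt) -> chosen path or None
        self._granted = {}          # path -> descriptor opened by the shim

    def show_open_dialog(self, prompt):
        """Emulated dialog: the shim opens the user's choice and records the grant."""
        path = self._ask_user(prompt)
        if path is None:
            return None
        self._granted[path] = os.open(path, os.O_RDONLY)
        return path

    def open_file(self, path):
        """Emulated open(): only paths granted through the dialog are served."""
        fd = self._granted.get(path)
        if fd is None:
            raise PermissionError(f"no capability for {path!r}")
        return os.fdopen(os.dup(fd), "r")


def legacy_text_editor(shim, path):
    """Stand-in for an unmodified app: it just opens whatever path it was given."""
    with shim.open_file(path) as f:
        return f.read()


def run_demo():
    """Constructed scenario: the user picks notes.txt; the app then also tries secret.txt."""
    with tempfile.TemporaryDirectory() as d:
        notes, secret = os.path.join(d, "notes.txt"), os.path.join(d, "secret.txt")
        with open(notes, "w") as f:
            f.write("hello")
        with open(secret, "w") as f:
            f.write("top secret")
        shim = CapabilityShim(lambda prompt: notes)      # the "user" clicks notes.txt
        chosen = shim.show_open_dialog("Open which file?")
        seen = legacy_text_editor(shim, chosen)          # granted: the chosen file
        try:
            legacy_text_editor(shim, secret)             # never chosen: refused
            denied = False
        except PermissionError:
            denied = True
        return {"chosen": os.path.basename(chosen), "content": seen, "secret_denied": denied}
```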



