Right now, the kernel requires root privileges (in particular, CAP_SYS_ADMIN) not only to open /proc/kmsg, but also to read from it:
$ sudo python
[sudo] password for martin:
>>> import os
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
IOError: [Errno 1] Operation not permitted
Due to this, we need to jump through ridiculous hoops to make rsyslog run as non-root user: /etc/init/rsyslog-kmsg.conf starts a dd process (as root) with bs=1 which shovels /proc/kmsg to a FIFO, which rsyslog then can read from. Due to reading single bytes (in order to not lag behind) it burns a lot of CPU power, especially on boot (see http://people.canonical.com/~pitti/bootcharts/daniel-lucid-20100129-1.png).