Here's my problem:

mmiller@xpc1:~$ ls -l /proc/kmsg
-r-----r-- 1 root root 0 2008-01-06 04:27 /proc/kmsg
mmiller@xpc1:~$ cat /proc/kmsg
cat: /proc/kmsg: Operation not permitted

So, how come I can't read from /proc/kmsg, even though the permissions are open?

Why do you read /proc/kmsg as non-system user?
What are you trying to accomplish?
Isn't 'dmesg' output good enough?

For increased security I want to run my system log daemon as an unprivileged user. I also want to run it from a chroot jail. I'm actually mounting /proc/kmsg inside my chroot environment, and I'm setting all the permissions on that so that the logging user can access it, but the logger is not able to read from it. The example I started this post with is simplified, but I think it clearly shows what I believe is the underlying problem.

In particular, I want to run syslog-ng from a chroot as an unprivileged user. This is all working, except that I can't get at kernel messages. When I posted this problem to the syslog-ng forum I was told that I may have to tweak my SELinux settings, but I think that SELinux is not active on my system. I'm using Debian, and SELinux should be inactive by default.

As far as using dmesg, I don't know how to tell syslog-ng to read from this instead of trying to read from /proc/kmsg like it wants to.

There's a lot of daemons that could be targets for chrooting and usually it involves those with a flakey security track record or those with otherwise doubtful survivability in hostile environments. One of the rules of building a chroot states you shouldn't mount /proc stuff in the chroot so that's a wee bit of a chicken and egg situation. If you don't mind me saying I think deploying SELinux is preferable to chrooting Syslogd but the attached learning curve might be prohibitive.

Only alternative I can think of is running Syslogd from init and logging to an unused IP address and having your remote IP-less syslog server, preferably not running anything else and properly hardened, picking it up.