>> I decided it would be good to have a bootable rescue CD

 I'm doing something similar. I want to make a bootable image holding forensics
tools, to let me boot up a suspect machine into a trusted environment. Is there
a group or mailing list working on creating rescue disks? I wouldn't mind
observing, since I think a `rescue CD' and a `forensics CD' will probably
overlap a lot.

>> -- one that had all of /bin, /usr/bin, etc.

 Don't forget your favorite tools from /usr/pkg/.

>> I was rather surprised, when it booted, to find myself in sysinst.

 Same here. I think a custom kernel (without the root on memory disk stuff)
would have fixed this, but instead I just made a boot floppy holding my CD's
gzipped "root on cd0" kernel. It would be nice if the boot program allowed
"cd0a:", in case I ever get a kernel that can't fit on a floppy.

> I'm not sure if a cd9660 filesystem supports device entries for /dev.

 Except for the fact that I forgot to make them the first time, this seems to
mostly work as expected. Some of the boot scripts complained about not being
able to chown the devices. I think that might be why my alternate wscons
displays failed. sshd won't allow interactive logins because it can't chown the
new tty device. A "ssh cdhost somecommand" worked fine once I created some
(non-world readable) keys in /tmp.

> You should be able to mount an mfs against "swap"

 That's what I'm doing for /tmp and /var/tmp. I'm thinking of changing /var/tmp
to be a symlink to /tmp/var.tmp/ so I can have just one mount. I tried some
overlay mounts to fake up a writable /etc and /var, but I didn't get very far.

 The worst problem I've found so far is that the date resets to 1 Jan 1970.