How do I exclude kernel or other packages from getting updated in Red Hat Enterprise Linux while updating system via yum?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux (RHEL) 5
  • Red Hat Enterprise Linux (RHEL) 6
  • Red Hat Enterprise Linux (RHEL) 7
  • Red Hat Enterprise Linux (RHEL) 8
  • Red Hat Enterprise Linux (RHEL) 9
  • Red Hat Satellite
  • Red Hat Network

Issue

  • How do I exclude kernel or other packages from getting updated in Red Hat Enterprise Linux while updating system via yum?
  • How do I use the exclude option with yum?
  • How to prevent a package from updating while updating system from Satellite Server ?
  • How to exclude only 32 bit or 64 bit packages ?

Resolution

  • The up2date command in Red Hat Enterprise Linux 4 excludes kernel updates by default. The yum in Red Hat Enterprise Linux 5 includes kernel updates by default.

  • To skip installing or updating kernel or other packages while using the yum update utility in Red Hat Enterprise Linux 5, 6, 7, 8 and 9, use following options:

  • Temporary solution via Command line:

# yum update --exclude=PACKAGENAME

For example, to exclude all kernel related packages:

# yum update --exclude=kernel*

For RHEL7 and RHEL8, also exclude the following packages.

# yum update --exclude=kernel* --exclude=kmod-kvdo

To exclude gcc and php name of packages:

# yum update --exclude=gcc,php

To exclude gcc* and php* packages:

# yum update --exclude=gcc* --exclude=php*
  • To make permanent changes, edit the /etc/yum.conf file and following entries to it:
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exclude=kernel*                           <====
  • For RHEL7 and RHEL8, also exclude the following packages.
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exclude=kernel* kmod-kvdo                           <====

NOTE: If there are multiple packages to be excluded, then separate them using a single space or comma. Also, do not add multiple exclude= lines in the configuration file because yum only considers the last exclude entry.

To exclude 32 bit packages edit /etc/yum.conf file.

exclude=*.i?86 *.i686
  • Component
  • yum

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

14 Comments

Log in to comment
YG Newbie 5 points
15 September 2014 1:50 PM

Shouldn't you also exclude redhat-release* to prevent the /etc/redhat-release file to be updated independently of the kernel? If you don't do this you risk having a kernel version older than what the redhat-release file says you have.

Amel Hodzic's picture Pro 653 points
4 March 2015 8:01 AM

Is there a repository-specific way to make that change? Namely, to exclude the kernel updates from the rhel-7-server-beta-rpms repository. The notes in the /etc/yum.repos.d/redhat.repo state that the changes made to the file are overwritten and that subscription-manager should be used instead. Does anyone have a suggestion on how to accomplish this with the subscription-manager?

So far, adding the exclude line to the [rhel-7-server-beta-rpms] section in /etc/yum.repos.d/redhat.repo file works as expected.

UPDATE
The following command will add the option to a specific repository using the subscription-manager:
subscription-manager repo-override --repo=rhel-7-server-beta-rpms --add=exclude:kernel*,redhat-release*

AS Newbie 10 points
14 October 2015 3:36 PM

Your solution has subtle bug: it also prevents kernel-headers from updating which would ruin eventually installing packages having dependency on newer glibc which has dependency on newer kernel-headers. My fix was to remove "star" from exclusion string so that only "kernel" package would match, and "kernel-headers" won't be excluded.

TD Newbie 12 points
17 October 2015 5:12 AM

i have a problem about include kernel or exclude kernel,if i using yum to update my RHEL 6.1.
Is other packeage(like nscd,firefox,....) have any different between include kernel update and exclude kernel update?

AS Newbie 10 points
19 October 2015 11:54 AM

My particular problem was VirtualBox Guest Additions kernel modules ruined after unintended kernel upgrade.

You can try this command which would run update temporary disabling all exclusions:

yum --disableexcludes=all update
PC Newbie 7 points
13 December 2015 7:15 AM

I am getting below error if i tried to exclude redhat-release package.

-> Finished Dependency Resolution
Error: unbound-libs conflicts with redhat-release-server-7.0-1.el7.x86_64
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
[root@UA-HA ~]#
JF Red Hat Active Contributor 240 points
20 December 2016 12:47 AM

Simple solution: rhel-7-server-rhceph-1.3-osd-rpms is available on all OSP SKUs, so just enable the repos at no cost to solve this problem.

CA Community Member 95 points
13 November 2018 4:31 PM

i use to exclude the kernel but a colleague just advised me that it is good to update verything together

Aymeric M's picture Active Contributor 226 points
21 February 2022 11:06 AM

Hello Cyrpian, It is defitniivelly better to update all packages and avoid exclude for sure because everything has been tested for that but sometings your existing. The kernel updates inside RHEL are just releases it is not really changing the version but ...

The exclude is there in the serious case of problem of your own install (maybe you have specific things compiled ?), you need maybe prepare or change some installed things on your servers especially if you are using things static on the kernel, but if you work with the less custom espcially for the modules otherwise you will need to work on how to change your static things into dynamic by dkms for instance.

Regards,

jJ Community Member 29 points
6 July 2020 8:14 AM

Is there any problem of installing New kernel every month?
for Eg: I use to run yum update --security

Since we were facing zombie process on the servers.

[root@TCLDIGMDMAPRD02 ~]# ps -ef | grep defunct root 955 906 0 13:49 pts/0 00:00:00 grep --color=auto defunct root 22918 22915 0 01:13 pts/1 00:00:00 [sh] root 23881 23880 0 01:58 ? 00:00:00 [ksmtuned] root 25558 25553 0 04:00 ? 00:00:00 [date] root 26856 26854 0 05:40 ? 00:00:00 [date] root 27471 27466 0 06:30 ? 00:00:00 [date] root 29671 29666 0 09:00 ? 00:00:00 [date] root 31352 31351 0 11:10 ? 00:00:00 [date]

[root@TCLDIGMDMAPRD02 ~]# ps -ef | grep 29671 root 958 906 0 13:49 pts/0 00:00:00 grep --color=auto 29671 root 29671 29666 0 09:00 ? 00:00:00 [date]

[root@TCLDIGMDMAPRD02 ~]# ps -xal | grep 29666 0 0 960 906 20 0 112708 964 pipe_w S+ pts/0 0:00 grep --color=auto 29666 0 0 29666 29659 20 0 113184 1192 - Rs ? 21114870:52 /bin/sh /usr/lib64/sa/sa1 1 1 0 0 29671 29666 20 0 0 0 do_exi Z ? 0:00 [date]

HS Newbie 5 points
18 November 2022 9:44 AM

Im trying to exlude kernel updates by using exclude but it updating kernel only.

Matt Geisler's picture Community Member 24 points
30 November 2022 6:38 PM

I've used this to get around kernel updates...

yum update --exclude=kernel* --exclude=linux-firmware* --exclude=firmware --exclude=dbus* --exclude=glibc* --exclude=hal* --exclude=systemd* --exclude=udev* --exclude=openssl-libs* --exclude=gnutls* --exclude=openssl-libs*

CR Newbie 5 points
5 June 2023 8:19 PM

How can I prevent kernel package updates using Satellite 6.12?

PM Community Member 21 points
31 October 2023 1:56 PM

Below is my yum.conf file

$ cat /etc/yum.conf
[main]
gpgcheck=1
installonly_limit=3
clean_requirements_on_remove=True
best=True
skip_if_unavailable=False
#exclude=libvirt-devel libvirt-daemon-kvm libvirt-client libvirt-libs libvirt-daemon* podman*

I had added few excludes but later disabled them. however, yum update still fails for me with below error.

Error:
 Problem 1: package python3-libvirt-8.0.0-2.module+el8.8.0+16781+9f4724c2.ppc64le requires libvirt.so.0(LIBVIRT_6.10.0)(64bit), but none of the providers can be installed
  - package python3-libvirt-8.0.0-2.module+el8.8.0+16781+9f4724c2.ppc64le requires libvirt.so.0(LIBVIRT_7.1.0)(64bit), but none of the providers can be installed
  - package python3-libvirt-8.0.0-2.module+el8.8.0+16781+9f4724c2.ppc64le requires libvirt.so.0(LIBVIRT_7.2.0)(64bit), but none of the providers can be installed
  - package python3-libvirt-8.0.0-2.module+el8.8.0+16781+9f4724c2.ppc64le requires libvirt.so.0(LIBVIRT_7.3.0)(64bit), but none of the providers can be installed
  - package python3-libvirt-8.0.0-2.module+el8.8.0+16781+9f4724c2.ppc64le requires libvirt.so.0(LIBVIRT_7.7.0)(64bit), but none of the providers can be installed
  - package python3-libvirt-8.0.0-2.module+el8.8.0+16781+9f4724c2.ppc64le requires libvirt.so.0(LIBVIRT_7.8.0)(64bit), but none of the providers can be installed
  - package python3-libvirt-8.0.0-2.module+el8.8.0+16781+9f4724c2.ppc64le requires libvirt.so.0(LIBVIRT_8.0.0)(64bit), but none of the providers can be installed
  - cannot install the best update candidate for package python3-libvirt-6.0.0-1.module+el8.3.0+6423+e4cb6418.ppc64le
  - package libvirt-libs-8.0.0-19.module+el8.8.0+18453+e0bf0d1d.ppc64le is filtered out by exclude filtering
 Problem 2: package libvirt-8.0.0-19.module+el8.8.0+18453+e0bf0d1d.ppc64le requires libvirt-libs = 8.0.0-19.module+el8.8.0+18453+e0bf0d1d, but none of the providers can be installed
  - cannot install the best update candidate for package libvirt-6.0.0-37.module+el8.5.0+12162+40884dd2.ppc64le
  - package libvirt-libs-8.0.0-19.module+el8.8.0+18453+e0bf0d1d.ppc64le is filtered out by exclude filtering
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

The update is only working if I use yum --disableexcludes=all update. Can any1 suggest what is going wrong here?