How do I exclude kernel or other packages from getting updated in Red Hat Enterprise Linux while updating system via yum?

Solution Verified - Updated -


  • Red Hat Enterprise Linux (RHEL) 5
  • Red Hat Enterprise Linux (RHEL) 6
  • Red Hat Enterprise Linux (RHEL) 7
  • Red Hat Enterprise Linux (RHEL) 8
  • Red Hat Enterprise Linux (RHEL) 9
  • Red Hat Satellite
  • Red Hat Network


  • How do I exclude kernel or other packages from getting updated in Red Hat Enterprise Linux while updating system via yum?
  • How do I use the exclude option with yum?
  • How to prevent a package from updating while updating system from Satellite Server ?
  • How to exclude only 32 bit or 64 bit packages ?


  • The up2date command in Red Hat Enterprise Linux 4 excludes kernel updates by default. The yum in Red Hat Enterprise Linux 5 includes kernel updates by default.

  • To skip installing or updating kernel or other packages while using the yum update utility in Red Hat Enterprise Linux 5, 6, 7, 8 and 9, use following options:

  • Temporary solution via Command line:

# yum update --exclude=PACKAGENAME 

For example, to exclude all kernel related packages:

# yum update --exclude=kernel*

To exclude gcc and php name of packages:

# yum update --exclude=gcc,php

To exclude gcc* and php* packages:

# yum update --exclude=gcc* --exclude=php*
  • To make permanent changes, edit the /etc/yum.conf file and following entries to it:
exclude=kernel* redhat-release*                           <==== 

NOTE: If there are multiple packages to be excluded, then separate them using a single space or comma. Also, do not add multiple exclude= lines in the configuration file because yum only considers the last exclude entry.

To exclude 32 bit packages edit /etc/yum.conf file.

exclude=*.i?86 *.i686

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.


Shouldn't you also exclude redhat-release* to prevent the /etc/redhat-release file to be updated independently of the kernel? If you don't do this you risk having a kernel version older than what the redhat-release file says you have.

Is there a repository-specific way to make that change? Namely, to exclude the kernel updates from the rhel-7-server-beta-rpms repository. The notes in the /etc/yum.repos.d/redhat.repo state that the changes made to the file are overwritten and that subscription-manager should be used instead. Does anyone have a suggestion on how to accomplish this with the subscription-manager?

So far, adding the exclude line to the [rhel-7-server-beta-rpms] section in /etc/yum.repos.d/redhat.repo file works as expected.

The following command will add the option to a specific repository using the subscription-manager:
subscription-manager repo-override --repo=rhel-7-server-beta-rpms --add=exclude:kernel*,redhat-release*

Your solution has subtle bug: it also prevents kernel-headers from updating which would ruin eventually installing packages having dependency on newer glibc which has dependency on newer kernel-headers. My fix was to remove "star" from exclusion string so that only "kernel" package would match, and "kernel-headers" won't be excluded.

i have a problem about include kernel or exclude kernel,if i using yum to update my RHEL 6.1.
Is other packeage(like nscd,firefox,....) have any different between include kernel update and exclude kernel update?

My particular problem was VirtualBox Guest Additions kernel modules ruined after unintended kernel upgrade.

You can try this command which would run update temporary disabling all exclusions:

yum --disableexcludes=all update

I am getting below error if i tried to exclude redhat-release package.

-> Finished Dependency Resolution
Error: unbound-libs conflicts with redhat-release-server-7.0-1.el7.x86_64
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
[root@UA-HA ~]#

Simple solution: rhel-7-server-rhceph-1.3-osd-rpms is available on all OSP SKUs, so just enable the repos at no cost to solve this problem.

i use to exclude the kernel but a colleague just advised me that it is good to update verything together

Hello Cyrpian, It is defitniivelly better to update all packages and avoid exclude for sure because everything has been tested for that but sometings your existing. The kernel updates inside RHEL are just releases it is not really changing the version but ...

The exclude is there in the serious case of problem of your own install (maybe you have specific things compiled ?), you need maybe prepare or change some installed things on your servers especially if you are using things static on the kernel, but if you work with the less custom espcially for the modules otherwise you will need to work on how to change your static things into dynamic by dkms for instance.


Is there any problem of installing New kernel every month?
for Eg: I use to run yum update --security

Since we were facing zombie process on the servers.

[root@TCLDIGMDMAPRD02 ~]# ps -ef | grep defunct root 955 906 0 13:49 pts/0 00:00:00 grep --color=auto defunct root 22918 22915 0 01:13 pts/1 00:00:00 [sh] root 23881 23880 0 01:58 ? 00:00:00 [ksmtuned] root 25558 25553 0 04:00 ? 00:00:00 [date] root 26856 26854 0 05:40 ? 00:00:00 [date] root 27471 27466 0 06:30 ? 00:00:00 [date] root 29671 29666 0 09:00 ? 00:00:00 [date] root 31352 31351 0 11:10 ? 00:00:00 [date]

[root@TCLDIGMDMAPRD02 ~]# ps -ef | grep 29671 root 958 906 0 13:49 pts/0 00:00:00 grep --color=auto 29671 root 29671 29666 0 09:00 ? 00:00:00 [date]

[root@TCLDIGMDMAPRD02 ~]# ps -xal | grep 29666 0 0 960 906 20 0 112708 964 pipe_w S+ pts/0 0:00 grep --color=auto 29666 0 0 29666 29659 20 0 113184 1192 - Rs ? 21114870:52 /bin/sh /usr/lib64/sa/sa1 1 1 0 0 29671 29666 20 0 0 0 do_exi Z ? 0:00 [date]