Preserving Old Kernel While Continuing Updates

I had a situation last night where I updated from 5.8.7-200.fc32.x86_64 to 5.8.8-200.fc32.x86_64 on multiple systems. Those with Intel RST raid1 devices for root failed to boot but I was able to bring up on the old kernel. Bug reported and I want to continue with standard updates including the kernel but I want to insure the working kernel does not age out and get removed, which happens it appears by default after 3 kernels, at least not until I get a new kernel that works.

How does one protect a working kernel from automatic removal ?

Based on what I see, this is what I think happens or should happen but can anyone confirm? dnf keeps kernels based on /etc/dnf/dnf.conf, installonly_limit=3. After, it deletes the old kernel packages. Setting it higher is only a partial solution as /boot will eventually fill. Grubby does not strictly care what dnf did, and instead creates menu entries for based on what is available. One thing I don’t know is which tool deletes initramfs for a deleted kernel.

Kernel headers are another question. These are only installed for the current kernel and I assume that’s because it’s the only one you would be concerned about rebuilding. For older kernel, you only want them to boot, so you only need the kernel and the modules. Is the way to do it add these packages to file in /etc/dnf/protected.d and will it break kernel updating?

If anyone can provide any guidance, help is appreciated. Thanks.

When I need to retain an old kernel, I usually bump the limit to 4 and then when I see an update is going to delete a kernel I want to keep, I remove one of the intermediate kernels before doing the update.

As for the headers, I have never seen a need to have anything except the latest kernel headers even when running an older kernel. You may need the matching kernel-devel package in some cases.


Thank you. While looking I did find a way to test my theory but your suggestion to bump to 4 is a good idea as I have space. I cannot say below works yet but I did:

rpm -qa | grep kernel | grep '5.8.7' > /etc/dnf/protected.d/kernel-`uname -r`.conf
dnf config-manager --dump | grep protected

At least, dnf says they are protected. I have root access so it was not a n issue. I found a couple of other options ‘dnf mark’ as well as a dnf module protectedversions that may also be useful for something like this but was not quite what I wanted.

  • Power on your machine
  • Select the Kernel that you want to preserve (GRUB Menu) and boot with that
  • when you get to user space, use dnf to uninstall or remove unwanted kernel versions. As long as you have booted with the preferred version, it is protected from dnf. When dnf removes an installed Kernel, it also removes the associated initramfs files
1 Like

Thanks. fwiw, /etc/dnf/protected.d did not work. I applied a testing kernel today and had preserved all but dnf rode right over it and deleted the oldest version anyway. I will try your suggestions next time.

You can get the old Kernel back. If you remember the version number, then search here: