From 1bf50178bda6fda42d649f8e31093e16647a895a Mon Sep 17 00:00:00 2001
From: Joseph Marrero Corchado <jmarrero@redhat.com>
Date: Fri, 14 Mar 2025 12:29:27 -0400
Subject: [PATCH] minimal/kernel-install: set protect_running_kernel to False

https://dnf.readthedocs.io/en/latest/conf_ref.html#protect-running-kernel-label
uses uname to protect the running kernel, when both the
container and the host shared the same kernel version this
blocks removing the kernel or replacing it, since on ostree
systems we only support one kernel this prevents us from
installing kernel-rt for example.
---
 minimal/kernel-install.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/minimal/kernel-install.yaml b/minimal/kernel-install.yaml
index a0e915f..1d75cd9 100644
--- a/minimal/kernel-install.yaml
+++ b/minimal/kernel-install.yaml
@@ -13,9 +13,13 @@ postprocess:
     # https://dnf.readthedocs.io/en/latest/conf_ref.html#main-options
     # Let's add the config to a distribution configuration file if dnf5
     # is used, we append to /etc/dnf/dnf.conf if not.
+    # Also set protect_running_kernel=False, dnf/yum pre-dates Containers and
+    # uses uname to protect the running kernel even on Container builds.
     if [ -d "/usr/share/dnf5/libdnf.conf.d/" ]; then
       echo -e "[main]\ninstallonlypkgs=''" >> /usr/share/dnf5/libdnf.conf.d/20-ostree-installonlypkgs.conf
+      echo -e "[main]\nprotect_running_kernel=False" >> /usr/share/dnf5/libdnf.conf.d/20-ostree-protect_running_kernel.conf
     else
       echo "installonlypkgs=''" >> /etc/dnf/dnf.conf
+      echo "protect_running_kernel=False" >> /etc/dnf/dnf.conf
     fi