Once upon a time, Toshio Kuratomi a.badger@gmail.com said:
<nod> Just have yum drop a config file in there that protects the kernel rather than protecting the kernel if some other package chooses to protect something else.
The magic "don't delete the running kernel" can't be done with just a config file. Something has to detect which kernel version is running and match it to an RPM, and then protect just that version of multiple installed kernel RPMs.
I supposed you could do it external to yum/dnf with a boot-time script that rewrites a config file to protect kernel-$(uname -r), but that may not always work (it would have to handle things like kernel-PAE and such).