SUSE Support

Here When You Need Us

How to mask non-live kernel patches when using SUSE Linux Enterprise Live Patching in an environment connected to SCC

This document (7023875) is provided subject to the disclaimer at the end of this document.


SUSE Linux Enterprise Live Patching
SUSE Linux Enterprise Server 12 Service Pack 1 (SLES 12 SP1)
SUSE Linux Enterprise Server 12 Service Pack 2 (SLES 12 SP2)
SUSE Linux Enterprise Server 12 Service Pack 3 (SLES 12 SP3)
SUSE Linux Enterprise Server 12 Service Pack 4 (SLES 12 SP4)
SUSE Linux Enterprise Server 15


Customer is using SUSE Linux Enterprise Live patching and receives the updates through SCC.
It would be desired to prevent regular (non-live) kernel patches from being installed. Masking them would avoid installing them accidentally.


The non-live kernel packages should be masked during the patching cycle by running:

# zypper addlock kernel-default

or (using abbreviations):

# zypper al kernel-default

This results in zypper command omitting packages named kernel-default-<version> during "zypper up" or "zypper patch" commands.

In the even of new non-live patches available during a patching action, the following message (or similar) will be displayed:

The following 2 items are locked and will not be changed by any action
  kernel-default-XXXX kernel-default-YYYY ....

However, the patches containing the kgraft string will be installed, with the following message:

The following package is going to be upgraded:


By default, both kernel live and non-live patches are available for the systems.

Additional Information

The problematic explained in this TID can be bypassed by having a server lifecycle management tool, such as SUSE Manager. Repositories and/or patches can be easily masked as desired with this product.

All locks can be shown by simply running:

zypper locks

Locks can be removed by running:

zypper removelock package-name


This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7023875
  • Creation Date: 14-May-2019
  • Modified Date:03-Mar-2020
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.