I am sorry but the protection of packages is a feature of dnf. For your user case I would recommend to use "rpm -e kernel kernel-core kernel-modules" or "rpm -e $(dnf repoquery kernel* -q --installed)" commands for a kernel case. To disable protection it also helps to use "--setopt=protected_packages=''", then the systemd could be removed, but not a running kernel. Hope that it helps.
I see bug. And bug is: DNF behaves differently in various namespaces.
Action of DNF is not consistent. For specific example check original bug-report.
We have ci-system. Where main tools id DNF. Of course we can set various `special conditions`. But this is local solution. And more and more people will bump into this.
Please make aware DNF of different namespaces.
Currently DNF is not ready to work in containers.
We could use systemd-detect-virt to detect if we're inside a container.
Also if we're working with an installroot that is different (realpath!) to '/' we could also allow removing kernel.
PR libdnf: https://github.com/rpm-software-management/libdnf/pull/957
PR dnf: https://github.com/rpm-software-management/dnf/pull/1625
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (dnf bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.