diff --git a/.gitignore b/.gitignore
index 6501871..2ab60c1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/libsepol-3.3.tar.gz
+SOURCES/libsepol-3.4.tar.gz
diff --git a/.libsepol.metadata b/.libsepol.metadata
index 75fae5b..923d725 100644
--- a/.libsepol.metadata
+++ b/.libsepol.metadata
@@ -1 +1 @@
-a9e20d2a381e241689301f491049c961bb494f41 SOURCES/libsepol-3.3.tar.gz
+656626fe5a625d05c67720036325c598520e6436 SOURCES/libsepol-3.4.tar.gz
diff --git a/SOURCES/0001-libsepol-Bring-back-POLICYDB_CAPABILITY_-constants.patch b/SOURCES/0001-libsepol-Bring-back-POLICYDB_CAPABILITY_-constants.patch
new file mode 100644
index 0000000..dc4afbc
--- /dev/null
+++ b/SOURCES/0001-libsepol-Bring-back-POLICYDB_CAPABILITY_-constants.patch
@@ -0,0 +1,43 @@
+From 0594b9bdeac8e78aacd737e95ce0f74a467d1c43 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Mon, 23 May 2022 12:25:58 +0200
+Subject: [PATCH] libsepol: Bring back POLICYDB_CAPABILITY_* constants
+Content-type: text/plain
+
+They were removed by the commit 0d84ebcbc475d ("libsepol: Shorten the
+policy capability enum names") but they might be used somewhere in code
+deployed on RHEL 9.0
+
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+---
+ libsepol/include/sepol/policydb/polcaps.h | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/libsepol/include/sepol/policydb/polcaps.h b/libsepol/include/sepol/policydb/polcaps.h
+index f5e32e60975d..e568733b3a33 100644
+--- a/libsepol/include/sepol/policydb/polcaps.h
++++ b/libsepol/include/sepol/policydb/polcaps.h
+@@ -19,6 +19,20 @@ enum {
+ };
+ #define POLICYDB_CAP_MAX (__POLICYDB_CAP_MAX - 1)
+ 
++/* legacy constants from past to preserve backward compatibility */
++enum {
++    POLICYDB_CAPABILITY_NETPEER =                 POLICYDB_CAP_NETPEER,
++    POLICYDB_CAPABILITY_OPENPERM =                POLICYDB_CAP_OPENPERM,
++    POLICYDB_CAPABILITY_EXTSOCKCLASS =            POLICYDB_CAP_EXTSOCKCLASS,
++    POLICYDB_CAPABILITY_ALWAYSNETWORK =           POLICYDB_CAP_ALWAYSNETWORK,
++    POLICYDB_CAPABILITY_CGROUPSECLABEL =          POLICYDB_CAP_CGROUPSECLABEL,
++    POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION =   POLICYDB_CAP_NNP_NOSUID_TRANSITION,
++    POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS = POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS,
++    POLICYDB_CAPABILITY_IOCTL_SKIP_CLOEXEC =      POLICYDB_CAP_IOCTL_SKIP_CLOEXEC,
++    __POLICYDB_CAPABILITY_MAX =                 __POLICYDB_CAP_MAX
++};
++#define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAP_MAX - 1)
++
+ /* Convert a capability name to number. */
+ extern int sepol_polcap_getnum(const char *name);
+ 
+-- 
+2.36.1
+
diff --git a/SPECS/libsepol.spec b/SPECS/libsepol.spec
index 750b38f..2b5e8f7 100644
--- a/SPECS/libsepol.spec
+++ b/SPECS/libsepol.spec
@@ -1,15 +1,16 @@
 Summary: SELinux binary policy manipulation library
 Name: libsepol
-Version: 3.3
-Release: 2%{?dist}
+Version: 3.4
+Release: 1.1%{?dist}
 License: LGPLv2+
-Source0: https://github.com/SELinuxProject/selinux/releases/download/3.3/libsepol-3.3.tar.gz
+Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4/libsepol-3.4.tar.gz
 URL: https://github.com/SELinuxProject/selinux/wiki
 # $ git clone https://github.com/fedora-selinux/selinux.git
 # $ cd selinux
-# $ git format-patch -N libsepol-3.3 -- libsepol
+# $ git format-patch -N libsepol-3.4 -- libsepol
 # $ i=1; for j in 0*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
 # Patch list start
+Patch0001: 0001-libsepol-Bring-back-POLICYDB_CAPABILITY_-constants.patch
 # Patch list end
 BuildRequires: make
 BuildRequires: gcc
@@ -48,6 +49,13 @@ Requires: %{name}-devel%{?_isa} = %{version}-%{release}
 The libsepol-static package contains the static libraries and header files
 needed for developing applications that manipulate binary policies. 
 
+%package utils
+Summary: SELinux libsepol utilities
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description utils
+The libsepol-utils package contains the utilities
+
 %prep
 %autosetup -p 2 -n libsepol-%{version}
 
@@ -68,10 +76,7 @@ mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
 mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man3
 mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man8
 %make_install LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}"
-rm -f ${RPM_BUILD_ROOT}%{_bindir}/genpolbools
-rm -f ${RPM_BUILD_ROOT}%{_bindir}/genpolusers
-rm -f ${RPM_BUILD_ROOT}%{_bindir}/chkcon
-rm -rf ${RPM_BUILD_ROOT}%{_mandir}/man8
+rm -rf ${RPM_BUILD_ROOT}%{_mandir}/man8/gen*
 rm -rf ${RPM_BUILD_ROOT}%{_mandir}/ru/man8
 
 %files static
@@ -92,7 +97,19 @@ rm -rf ${RPM_BUILD_ROOT}%{_mandir}/ru/man8
 %license COPYING
 %{_libdir}/libsepol.so.2
 
+%files utils
+%{_bindir}/chkcon
+%{_bindir}/sepol_check_access
+%{_bindir}/sepol_compute_av
+%{_bindir}/sepol_compute_member
+%{_bindir}/sepol_compute_relabel
+%{_bindir}/sepol_validate_transition
+%{_mandir}/man8/chkcon.8.gz
+
 %changelog
+* Mon May 23 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-1.1
+- SELinux userspace 3.4 release
+
 * Thu Nov 11 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-2
 - Use correct libdir in libsepol.pc (#2018492)