diff --git a/appvm/qubes.Filecopy.policy b/appvm/qubes.Filecopy.policy
index 39296a11..6ecc534d 100644
--- a/appvm/qubes.Filecopy.policy
+++ b/appvm/qubes.Filecopy.policy
@@ -1 +1 @@
-anyvm	anyvm	ask,user=root
+$anyvm	$anyvm	ask,user=root
diff --git a/appvm/qubes.OpenInVM.policy b/appvm/qubes.OpenInVM.policy
index e103d394..7c9ccb41 100644
--- a/appvm/qubes.OpenInVM.policy
+++ b/appvm/qubes.OpenInVM.policy
@@ -1,2 +1,2 @@
-anyvm	dispvm	allow
-anyvm	anyvm	ask
+$anyvm	$dispvm	allow
+$anyvm	$anyvm	ask
diff --git a/appvm/qvm-open-in-dvm2 b/appvm/qvm-open-in-dvm2
index dcc7195e..25e8904c 100755
--- a/appvm/qvm-open-in-dvm2
+++ b/appvm/qvm-open-in-dvm2
@@ -25,4 +25,4 @@ if ! [ $# = 1 ] ; then
 	exit 1
 fi
 
-exec /usr/lib/qubes/qrexec_client_vm dispvm qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$1"
+exec /usr/lib/qubes/qrexec_client_vm '$dispvm' qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$1"
diff --git a/dom0/aux-tools/qubes.ReceiveUpdates.policy b/dom0/aux-tools/qubes.ReceiveUpdates.policy
index 74f80450..611f006d 100644
--- a/dom0/aux-tools/qubes.ReceiveUpdates.policy
+++ b/dom0/aux-tools/qubes.ReceiveUpdates.policy
@@ -1 +1 @@
-anyvm	dom0	allow
+$anyvm	dom0	allow
diff --git a/dom0/qubes.SyncAppMenus.policy b/dom0/qubes.SyncAppMenus.policy
index 74f80450..611f006d 100644
--- a/dom0/qubes.SyncAppMenus.policy
+++ b/dom0/qubes.SyncAppMenus.policy
@@ -1 +1 @@
-anyvm	dom0	allow
+$anyvm	dom0	allow
diff --git a/qrexec/qrexec_daemon.c b/qrexec/qrexec_daemon.c
index c0733cc6..b4a3b53a 100644
--- a/qrexec/qrexec_daemon.c
+++ b/qrexec/qrexec_daemon.c
@@ -372,7 +372,7 @@ void sanitize_name(char * untrusted_s_signed)
                         continue;
                 if (*untrusted_s >= '0' && *untrusted_s <= '9')
                         continue;
-                if (*untrusted_s == '_' || *untrusted_s == '-' || *untrusted_s == '.' || *untrusted_s == ' ')
+                if (*untrusted_s == '$' || *untrusted_s == '_' || *untrusted_s == '-' || *untrusted_s == '.' || *untrusted_s == ' ')
                         continue;
                 *untrusted_s = '_';
         }
diff --git a/qrexec/qrexec_policy b/qrexec/qrexec_policy
index 8d66630d..c44ca258 100755
--- a/qrexec/qrexec_policy
+++ b/qrexec/qrexec_policy
@@ -40,7 +40,7 @@ def read_policy_file(exec_index):
     return policy_list
 
 def is_match(item, config_term):
-    return (item is not "dom0" and config_term == "anyvm") or item == config_term
+    return (item is not "dom0" and config_term == "$anyvm") or item == config_term
 
 def get_default_policy():
     dict={}
@@ -76,7 +76,7 @@ def spawn_target_if_necessary(target):
 def do_execute(domain, target, user, exec_index, process_ident):
     if target == "dom0":
         cmd="/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain
-    elif target == "dispvm":
+    elif target == "$dispvm":
         cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain + " " +user
     else:
     # see the previous commit why "qvm-run -a" is broken and dangerous