diff --git a/common/qubes_trigger_sync_appmenus.action b/common/qubes_trigger_sync_appmenus.action
new file mode 100644
index 00000000..ad56a8f2
--- /dev/null
+++ b/common/qubes_trigger_sync_appmenus.action
@@ -0,0 +1 @@
+*:any:/usr/lib/qubes/qubes_trigger_sync_appmenus.sh
diff --git a/common/qubes_trigger_sync_appmenus.sh b/common/qubes_trigger_sync_appmenus.sh
new file mode 100755
index 00000000..fc5301a4
--- /dev/null
+++ b/common/qubes_trigger_sync_appmenus.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+UPDATEABLE=`/usr/bin/xenstore-read qubes_vm_updateable`
+
+if [ "$UPDATEABLE" = "True" ]; then
+    echo -n SYNC > /var/run/qubes/qrexec_agent
+fi
diff --git a/qrexec/qrexec.h b/qrexec/qrexec.h
index d0769366..bd996c48 100644
--- a/qrexec/qrexec.h
+++ b/qrexec/qrexec.h
@@ -51,7 +51,8 @@ enum {
 
 enum {
 	QREXEC_EXECUTE_FILE_COPY=0x700,
-	QREXEC_EXECUTE_FILE_COPY_FOR_DISPVM
+	QREXEC_EXECUTE_FILE_COPY_FOR_DISPVM,
+	QREXEC_EXECUTE_APPMENUS_SYNC
 };
 	
 struct server_header {
diff --git a/qrexec/qrexec_agent.c b/qrexec/qrexec_agent.c
index 0e244678..06a89103 100644
--- a/qrexec/qrexec_agent.c
+++ b/qrexec/qrexec_agent.c
@@ -482,6 +482,9 @@ void handle_trigger_io()
 		else if (!strcmp(buf, "DVMR"))
 			s_hdr.client_id =
 			    QREXEC_EXECUTE_FILE_COPY_FOR_DISPVM;
+		else if (!strcmp(buf, "SYNC"))
+			s_hdr.client_id =
+			    QREXEC_EXECUTE_APPMENUS_SYNC;
 		if (s_hdr.client_id) {
 			s_hdr.type = MSG_AGENT_TO_SERVER_TRIGGER_EXEC;
 			write_all_vchan_ext(&s_hdr, sizeof s_hdr);
diff --git a/qrexec/qrexec_daemon.c b/qrexec/qrexec_daemon.c
index 22a163e1..dafce73c 100644
--- a/qrexec/qrexec_daemon.c
+++ b/qrexec/qrexec_daemon.c
@@ -361,6 +361,10 @@ void handle_execute_predefined_command(int req)
 		rcmd = "directly:user:/usr/lib/qubes/qfile-agent-dvm";
 		lcmd = "/usr/lib/qubes/qfile-daemon-dvm";
 		break;
+	case QREXEC_EXECUTE_APPMENUS_SYNC:
+		rcmd = "user:grep -H = /usr/share/applications/*.desktop";
+		lcmd = "/usr/bin/qvm-sync-appmenus";
+		break;
 	default:		/* cannot happen, already sanitized */
 		fprintf(stderr, "got trigger exec no %d\n", req);
 		exit(1);
@@ -402,7 +406,8 @@ void sanitize_message_from_agent(struct server_header *untrusted_header)
 	case MSG_AGENT_TO_SERVER_TRIGGER_EXEC:
 		untrusted_cmd = untrusted_header->client_id;
 		if (untrusted_cmd != QREXEC_EXECUTE_FILE_COPY &&
-		    untrusted_cmd != QREXEC_EXECUTE_FILE_COPY_FOR_DISPVM) {
+		    untrusted_cmd != QREXEC_EXECUTE_FILE_COPY_FOR_DISPVM &&
+		    untrusted_cmd != QREXEC_EXECUTE_APPMENUS_SYNC) {
 			fprintf(stderr,
 				"received MSG_AGENT_TO_SERVER_TRIGGER_EXEC cmd %d ?\n",
 				untrusted_cmd);
diff --git a/rpm_spec/core-commonvm.spec b/rpm_spec/core-commonvm.spec
index 74b7a5e8..993b277f 100644
--- a/rpm_spec/core-commonvm.spec
+++ b/rpm_spec/core-commonvm.spec
@@ -33,6 +33,7 @@ License:	GPL
 URL:		http://www.qubes-os.org
 Requires:	/usr/bin/xenstore-read
 Requires:   fedora-release
+Requires:   yum-plugin-post-transaction-actions
 BuildRequires: xen-devel
 
 %define _builddir %(pwd)/common
@@ -78,6 +79,10 @@ mkdir -p $RPM_BUILD_ROOT/etc/udev/rules.d
 cp qubes_network.rules $RPM_BUILD_ROOT/etc/udev/rules.d/
 mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes/
 cp setup_ip $RPM_BUILD_ROOT/usr/lib/qubes/
+mkdir -p $RPM_BUILD_ROOT/etc/yum/post-actions
+cp qubes_trigger_sync_appmenus.action $RPM_BUILD_ROOT/etc/yum/post-actions/
+mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
+cp qubes_trigger_sync_appmenus.sh $RPM_BUILD_ROOT/usr/lib/qubes/
 
 %triggerin -- initscripts
 cp /var/lib/qubes/serial.conf /etc/init/serial.conf
@@ -226,3 +231,5 @@ rm -rf $RPM_BUILD_ROOT
 /usr/bin/xenstore-watch-qubes
 /etc/udev/rules.d/qubes_network.rules
 /usr/lib/qubes/setup_ip
+/etc/yum/post-actions/qubes_trigger_sync_appmenus.action
+/usr/lib/qubes/qubes_trigger_sync_appmenus.sh