diff --git a/man/tuned-adm.8 b/man/tuned-adm.8
index 7b2b693..01dcd18 100644
--- a/man/tuned-adm.8
+++ b/man/tuned-adm.8
@@ -138,6 +138,18 @@ Profile optimized for virtual hosts based on throughput-performance profile. It additionally enables more aggresive writeback of dirty pages.
 .TP
+.BI "atomic-guest"
+Profile optimized for virtual Atomic guests. It is based on virtual-guest
+profile. It additionally increases SELinux AVC cache, PID limit and tunes
+netfilter connections tracking.
+
+.TP
+.BI "atomic-host"
+Profile optimized for Atomic hosts. It is based on throughput-performance
+profile. It additionally increases SELinux AVC cache, PID limit and tunes
+netfilter connections tracking.
+
+.TP
 .BI "sap"
 Profile optimized for the best performance of SAP software. It is based on throughput-performance profile. It additionally tunes sysctl settings
diff --git a/profiles/atomic-guest/tuned.conf b/profiles/atomic-guest/tuned.conf
new file mode 100644
index 0000000..aff05f2
--- /dev/null
+++ b/profiles/atomic-guest/tuned.conf
@@ -0,0 +1,16 @@
+#
+# tuned configuration
+#
+
+[main]
+include=virtual-guest
+
+[selinux]
+avc_cache_threshold=65536
+
+[net]
+nf_conntrack_hashsize=131072
+
+[sysctl]
+kernel.pid_max=131072
+net.netfilter.nf_conntrack_max=1048576
diff --git a/profiles/atomic-host/tuned.conf b/profiles/atomic-host/tuned.conf
new file mode 100644
index 0000000..ad223bd
--- /dev/null
+++ b/profiles/atomic-host/tuned.conf
@@ -0,0 +1,16 @@
+#
+# tuned configuration
+#
+
+[main]
+include=throughput-performance
+
+[selinux]
+avc_cache_threshold=65536
+
+[net]
+nf_conntrack_hashsize=131072
+
+[sysctl]
+kernel.pid_max=131072
+net.netfilter.nf_conntrack_max=1048576
diff --git a/recommend.conf b/recommend.conf
index d01ebdf..45eed36 100644
--- a/recommend.conf
+++ b/recommend.conf
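Review bot: The `[net]` and `[sysctl]` conntrack settings in profiles/atomic-guest/tuned.conf (and identically in profiles/atomic-host/tuned.conf) have no comment stating why these values were chosen or what they depend on. `nf_conntrack_hashsize` is written to /sys/module/nf_conntrack/parameters/hashsize by the net plugin in this commit, and `net.netfilter.nf_conntrack_max` is a sysctl of the same module, so both exist only while nf_conntrack is loaded; if the module is loaded after the profile is applied, the settings would presumably not take effect. A 1048576-entry table is also kernel memory that cannot be swapped, which weighs more on a small guest than on a host. I would add a comment above `[net]` such as `# conntrack sizing: needs nf_conntrack loaded; nf_conntrack_max = 8 x hashsize`.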
@@ -7,6 +7,14 @@
 # If 'virt' or 'system' is empty, i.e. 'virt=', it matches only empty string (alias for '^$').
 # If several profiles matched, the first match is taken.
+[atomic-host]
+virt=
+system=.*atomic.*
+
+[atomic-guest]
+virt=.+
+system=.*atomic.*
+
 [throughput-performance]
 virt=
 system=.*(computenode|server).*
diff --git a/tuned/plugins/plugin_net.py b/tuned/plugins/plugin_net.py
index 57e4265..b9a60b4 100644
--- a/tuned/plugins/plugin_net.py
+++ b/tuned/plugins/plugin_net.py
@@ -75,6 +75,7 @@ class NetTuningPlugin(base.Plugin):
 def _get_config_options(cls):
 return {
 "wake_on_lan": None,
+ "nf_conntrack_hashsize": None,
 }
 def _init_stats_and_idle(self, instance, device):
@@ -121,6 +122,10 @@ class NetTuningPlugin(base.Plugin):
 # speed / 7 Mb -> MB
 return (int) (0.6 * 1024 * 1024 * speed / 8)
+ @classmethod
+ def _nf_conntrack_hashsize_path(self):
+ return "/sys/module/nf_conntrack/parameters/hashsize"
+
 @command_set("wake_on_lan", per_device=True)
 def _set_wake_on_lan(self, value, device):
 if value is None:
@@ -144,3 +149,19 @@ class NetTuningPlugin(base.Plugin):
 except IOError:
 pass
 return value
+
+ @command_set("nf_conntrack_hashsize")
+ def _set_nf_conntrack_hashsize(self, value):
+ if value is None:
+ return
+
+ hashsize = int(value)
+ if hashsize >= 0:
+ tuned.utils.commands.write_to_file(self._nf_conntrack_hashsize_path(), hashsize)
+
+ @command_get("nf_conntrack_hashsize")
+ def _get_nf_conntrack_hashsize(self):
+ value = tuned.utils.commands.read_file(self._nf_conntrack_hashsize_path())
+ if len(value) > 0:
+ return int(value)
+ return None
diff --git a/tuned/plugins/plugin_selinux.py b/tuned/plugins/plugin_selinux.py
new file mode 100644
index 0000000..757ecf7
--- /dev/null
+++ b/tuned/plugins/plugin_selinux.py
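Review bot: The `system=.*atomic.*` pattern in the two new recommend.conf sections is an unanchored substring match, and the sections sit ahead of every existing one while the comment above says the first match is taken. Any system string that merely contains "atomic" would therefore select these profiles before `throughput-performance` and the rest are considered. What `system` is matched against is not visible in this hunk, so it needs checking whether an unrelated product string can contain that word. A narrower pattern, or a comment above `[atomic-host]` naming the intended product string, would make the intent reviewable.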
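Review bot: `_nf_conntrack_hashsize_path` in tuned/plugins/plugin_net.py (hunk at -121,6) is decorated with `@classmethod` but names its first parameter `self`; the argument it receives is the class, so the conventional spelling is `def _nf_conntrack_hashsize_path(cls):`. `_get_selinux_path` in the new plugin_selinux.py has the same mismatch. A short docstring would also help, for example `"""Return the sysfs path of the nf_conntrack hashsize module parameter."""`, since the file only exists while that module is loaded.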
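Review bot: `_set_nf_conntrack_hashsize` in tuned/plugins/plugin_net.py (hunk at -144,3) converts the profile value with a bare `int(value)`, so a non-numeric setting raises ValueError out of the setter, and a negative one is dropped without any message. Whether the caller handles that exception is not visible here. `_set_avc_cache_threshold` in plugin_selinux.py has the same shape, and the getter's `int(value)` is exposed in the same way if the file ever returns non-numeric text. I would catch the conversion error and log both cases as sketched below; the sketch assumes this module has a `log` object like the `log = tuned.logs.get()` that plugin_selinux.py defines.

```python
def _set_nf_conntrack_hashsize(self, value):
	# … unchanged: return early when value is None …
	try:
		hashsize = int(value)
	except ValueError:
		log.error("nf_conntrack_hashsize value '%s' is not an integer" % value)
		return
	if hashsize < 0:
		log.error("nf_conntrack_hashsize value '%s' is negative, ignoring" % value)
		return
	tuned.utils.commands.write_to_file(self._nf_conntrack_hashsize_path(), hashsize)
```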
@@ -0,0 +1,55 @@
+import os
+import base
+from decorators import *
+import tuned.logs
+import tuned.utils.commands
+
+log = tuned.logs.get()
+
+class SelinuxPlugin(base.Plugin):
+ """
+ Plugin for tuning SELinux options.
+ """
+
+ @classmethod
+ def _get_selinux_path(self):
+ path = "/sys/fs/selinux"
+ if not os.path.exists(path):
+ path = "/selinux"
+ if not os.path.exists(path):
+ path = None
+ return path
+
+ def __init__(self, *args, **kwargs):
+ self._selinux_path = self._get_selinux_path()
+ if self._selinux_path is None:
+ raise exceptions.NotSupportedPluginException("SELinux is not enabled on your system or incompatible version is used.")
+ self._cache_threshold_path = os.path.join(self._selinux_path, "avc", "cache_threshold")
+ super(self.__class__, self).__init__(*args, **kwargs)
+
+ def _get_config_options(self):
+ return {
+ "avc_cache_threshold" : None,
+ }
+
+ def _instance_init(self, instance):
+ instance._has_static_tuning = True
+ instance._has_dynamic_tuning = False
+
+ def _instance_cleanup(self, instance):
+ pass
+
+ @command_set("avc_cache_threshold")
+ def _set_avc_cache_threshold(self, value):
+ if value is None:
+ return
+ threshold = int(value)
+ if threshold >= 0:
+ tuned.utils.commands.write_to_file(self._cache_threshold_path, threshold)
+
+ @command_get("avc_cache_threshold")
+ def _get_avc_cache_threshold(self):
+ value = tuned.utils.commands.read_file(self._cache_threshold_path)
+ if len(value) > 0:
+ return int(value)
+ return None
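Review bot: `__init__` in plugin_selinux.py raises `exceptions.NotSupportedPluginException`, but nothing in the file's imports binds the name `exceptions` unless `from decorators import *` happens to export it. On a system without SELinux this path would then likely fail with NameError instead of the intended not-supported signal. Add an explicit import next to `import base`, for example `import exceptions` if that is where the class lives in this package. Separately, `super(self.__class__, self).__init__(*args, **kwargs)` recurses without end once the class is subclassed; `super(SelinuxPlugin, self).__init__(*args, **kwargs)` avoids that. Checking `os.path.exists` on the `avc/cache_threshold` file itself, not only on the mount directory, would make the support check match what the plugin actually reads and writes.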