diff --git a/docs/design/seccomp.md b/docs/design/seccomp.md index 7d65611edfd..4a28d705b7e 100644 --- a/docs/design/seccomp.md +++ b/docs/design/seccomp.md @@ -202,11 +202,11 @@ use annotations instead of extending the API with new fields. In the alpha version of this feature we will use annotations to store the names of seccomp profiles. The keys will be: -`security.alpha.kubernetes.io/seccomp/container/` +`container.seccomp.security.alpha.kubernetes.io/` which will be used to set the seccomp profile of a container, and: -`security.alpha.kubernetes.io/seccomp/pod` +`seccomp.security.alpha.kubernetes.io/pod` which will set the seccomp profile for the containers of an entire pod. If a pod-level annotation is present, and a container-level annotation present for @@ -240,7 +240,7 @@ subdirectory of the kubelet root directory. The `PodSecurityPolicy` type should be annotated with the allowed seccomp profiles using the key -`security.alpha.kubernetes.io/allowedSeccompProfileNames`. The value of this +`seccomp.security.alpha.kubernetes.io/allowedProfileNames`. The value of this key should be a comma delimited list. ## Examples @@ -255,7 +255,7 @@ kind: Pod metadata: name: trustworthy-pod annotations: - security.alpha.kubernetes.io/seccomp/pod: unconfined + seccomp.security.alpha.kubernetes.io/pod: unconfined spec: containers: - name: trustworthy-container @@ -273,7 +273,7 @@ kind: Pod metadata: name: explorer annotations: - security.alpha.kubernetes.io/seccomp/container/explorer: localhost/example-explorer-profile + container.seccomp.security.alpha.kubernetes.io/explorer: localhost/example-explorer-profile spec: containers: - name: explorer diff --git a/pkg/kubelet/dockertools/manager.go b/pkg/kubelet/dockertools/manager.go index e01210ee95a..825affd22a8 100644 --- a/pkg/kubelet/dockertools/manager.go +++ b/pkg/kubelet/dockertools/manager.go 
@@ -993,10 +993,10 @@ func (dm *DockerManager) getSecurityOpt(pod *api.Pod, ctrName string) ([]string, return nil, nil } - profile, profileOK := pod.ObjectMeta.Annotations["security.alpha.kubernetes.io/seccomp/container/"+ctrName] + profile, profileOK := pod.ObjectMeta.Annotations["container.seccomp.security.alpha.kubernetes.io/"+ctrName] if !profileOK { // try the pod profile - profile, profileOK = pod.ObjectMeta.Annotations["security.alpha.kubernetes.io/seccomp/pod"] + profile, profileOK = pod.ObjectMeta.Annotations["seccomp.security.alpha.kubernetes.io/pod"] if !profileOK { // return early the default return defaultSecurityOpt, nil @@ -1013,7 +1013,7 @@ func (dm *DockerManager) getSecurityOpt(pod *api.Pod, ctrName string) ([]string, return nil, nil } - if !strings.HasPrefix(profile, "localhost") { + if !strings.HasPrefix(profile, "localhost/") { return nil, fmt.Errorf("unknown seccomp profile option: %s", profile) } diff --git a/pkg/kubelet/dockertools/manager_test.go b/pkg/kubelet/dockertools/manager_test.go index 74417887ed6..178f950bae7 100644 --- a/pkg/kubelet/dockertools/manager_test.go +++ b/pkg/kubelet/dockertools/manager_test.go @@ -1762,7 +1762,7 @@ func TestUnconfinedSeccompProfileWithDockerV110(t *testing.T) { Name: "foo4", Namespace: "new", Annotations: map[string]string{ - "security.alpha.kubernetes.io/seccomp/pod": "unconfined", + "seccomp.security.alpha.kubernetes.io/pod": "unconfined", }, }, Spec: api.PodSpec{ @@ -1804,7 +1804,7 @@ func TestDefaultSeccompProfileWithDockerV110(t *testing.T) { Name: "foo1", Namespace: "new", Annotations: map[string]string{ - "security.alpha.kubernetes.io/seccomp/pod": "docker/default", + "seccomp.security.alpha.kubernetes.io/pod": "docker/default", }, }, Spec: api.PodSpec{ 
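Review bot: The renamed lookups in getSecurityOpt drop the old `security.alpha.kubernetes.io/seccomp/pod` and `.../seccomp/container/<name>` keys without any fallback, so a pod that still carries the old key with `docker/default` now falls through to the `return defaultSecurityOpt, nil` branch — and the new e2e case "should support seccomp default which is unconfined" documents that default as no filtering at all. A hard cut may be intended for an alpha feature, but the downgrade should be deliberate and visible: either honour the old keys for one release, or reject them with an error, rather than silently running the container unconfined. The keys are also spelled out as string literals here, in manager_test.go and in test/e2e/security_context.go; declaring them once as constants (e.g. `SeccompPodAnnotationKey` and `SeccompContainerAnnotationKeyPrefix`) next to the other annotation keys would stop the kubelet and its tests from drifting apart again. getSecurityOpt's signature and the rest of its body lie outside the hunk.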
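Review bot: The tightened `localhost/` prefix check in the second manager.go hunk still accepts an empty name (the value `localhost/` alone) and, as far as the hunk shows, nothing constrains what follows the prefix; if the remainder is joined onto the profile directory described in docs/design/seccomp.md, a name with a `..` element or absolute path would resolve outside that directory. I would validate the remainder before it is used — non-empty, and `filepath.Clean` of it stays relative with no `..` component — unless that already happens in the lines below the hunk, which I cannot see. The error on the following line interpolates an annotation value with `%s`; `%q` makes empty or whitespace-laden values visible: `return nil, fmt.Errorf("unknown seccomp profile option: %q", profile)`. The change from `localhost` to `localhost/` also has no unit test in manager_test.go — a case passing a bare `localhost` value and asserting the error would pin the new behaviour.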
@@ -1846,8 +1846,8 @@ func TestSeccompContainerAnnotationTrumpsPod(t *testing.T) { Name: "foo2", Namespace: "new", Annotations: map[string]string{ - "security.alpha.kubernetes.io/seccomp/pod": "unconfined", - "security.alpha.kubernetes.io/seccomp/container/bar2": "docker/default", + "seccomp.security.alpha.kubernetes.io/pod": "unconfined", + "container.seccomp.security.alpha.kubernetes.io/bar2": "docker/default", }, }, Spec: api.PodSpec{ diff --git a/test/e2e/security_context.go b/test/e2e/security_context.go index a0d41b5f3f5..af9d3bac33f 100644 --- a/test/e2e/security_context.go +++ b/test/e2e/security_context.go @@ -37,8 +37,9 @@ func scTestPod(hostIPC bool, hostPID bool) *api.Pod { podName := "security-context-" + string(util.NewUUID()) pod := &api.Pod{ ObjectMeta: api.ObjectMeta{ - Name: podName, - Labels: map[string]string{"name": podName}, + Name: podName, + Labels: map[string]string{"name": podName}, + Annotations: map[string]string{}, }, Spec: api.PodSpec{ SecurityContext: &api.PodSecurityContext{ 
@@ -106,6 +107,37 @@ var _ = framework.KubeDescribe("Security Context [Feature:SecurityContext]", fun testPodSELinuxLabeling(f, false, true) }) + It("should support seccomp alpha unconfined annotation on the container [Feature:Seccomp]", func() { + // TODO: port to SecurityContext as soon as seccomp is out of alpha + pod := scTestPod(false, false) + pod.Annotations["container.seccomp.security.alpha.kubernetes.io/test-container"] = "unconfined" + pod.Annotations["seccomp.security.alpha.kubernetes.io/pod"] = "docker/default" + pod.Spec.Containers[0].Command = []string{"grep", "ecc", "/proc/self/status"} + f.TestContainerOutput("pod.Spec.SecurityContext.Seccomp", pod, 0, []string{"0"}) // seccomp disabled + }) + + It("should support seccomp alpha unconfined annotation on the pod [Feature:Seccomp]", func() { + // TODO: port to SecurityContext as soon as seccomp is out of alpha + pod := scTestPod(false, false) + pod.Annotations["seccomp.security.alpha.kubernetes.io/pod"] = "unconfined" + pod.Spec.Containers[0].Command = []string{"grep", "ecc", "/proc/self/status"} + f.TestContainerOutput("pod.Spec.SecurityContext.Seccomp", pod, 0, []string{"0"}) // seccomp disabled + }) + + It("should support seccomp alpha docker/default annotation [Feature:Seccomp]", func() { + // TODO: port to SecurityContext as soon as seccomp is out of alpha + pod := scTestPod(false, false) + pod.Annotations["container.seccomp.security.alpha.kubernetes.io/test-container"] = "docker/default" + pod.Spec.Containers[0].Command = []string{"grep", "ecc", "/proc/self/status"} + f.TestContainerOutput("pod.Spec.SecurityContext.Seccomp", pod, 0, []string{"2"}) // seccomp filtered + }) + + It("should support seccomp default which is unconfined [Feature:Seccomp]", func() { + // TODO: port to SecurityContext as soon as seccomp is out of alpha + pod := scTestPod(false, false) + pod.Spec.Containers[0].Command = []string{"grep", "ecc", "/proc/self/status"} + f.TestContainerOutput("pod.Spec.SecurityContext.Seccomp", 
pod, 0, []string{"0"}) // seccomp disabled + }) }) func testPodSELinuxLabeling(f *framework.Framework, hostIPC bool, hostPID bool) {
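Review bot: The four new It blocks in the hunk ending at `func testPodSELinuxLabeling` differ only in the annotations they set and the Seccomp value they expect, so a small table driven by one loop would state the matrix more clearly, make the repeated `// TODO: port to SecurityContext …` comment appear once, and make adding a `localhost/` profile case — which none of the new tests exercise — a one-line change. The first argument to f.TestContainerOutput, `"pod.Spec.SecurityContext.Seccomp"`, names a field that does not exist yet, since these tests drive seccomp through annotations; a label such as `"seccomp annotation"` would be less confusing in failure output. The expected values `"0"` and `"2"` are single characters; if TestContainerOutput matches substrings (I cannot tell from this hunk), they will match any digit in stray output, so comparing against the full `Seccomp:` field text from /proc/self/status would be a stronger oracle. The last case pins the current default as unconfined; its name and expectation will need to change together if the default is ever tightened.

```go
	// … unchanged: SELinux labeling cases above …
	seccompCases := []struct {
		name        string
		annotations map[string]string
		want        string // expected Seccomp field in /proc/self/status
	}{
		{"alpha unconfined annotation on the container", map[string]string{
			"container.seccomp.security.alpha.kubernetes.io/test-container": "unconfined",
			"seccomp.security.alpha.kubernetes.io/pod":                       "docker/default",
		}, "0"},
		{"alpha unconfined annotation on the pod", map[string]string{
			"seccomp.security.alpha.kubernetes.io/pod": "unconfined",
		}, "0"},
		{"alpha docker/default annotation", map[string]string{
			"container.seccomp.security.alpha.kubernetes.io/test-container": "docker/default",
		}, "2"},
		{"default which is unconfined", nil, "0"},
	}
	// TODO: port to SecurityContext as soon as seccomp is out of alpha
	for _, tc := range seccompCases {
		tc := tc // the closure below outlives this iteration
		It("should support seccomp "+tc.name+" [Feature:Seccomp]", func() {
			pod := scTestPod(false, false)
			for k, v := range tc.annotations {
				pod.Annotations[k] = v
			}
			pod.Spec.Containers[0].Command = []string{"grep", "ecc", "/proc/self/status"}
			f.TestContainerOutput("seccomp annotation", pod, 0, []string{tc.want})
		})
	}
```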