Enable address and undefined behavior sanitizers in CI builds.

We need to disable leak sanitizer during "make check" because it
uses ptrace which is not allowed for unprivileged containers.

.circleci/config.yml

@@ -10,7 +10,7 @@ jobs:
       - checkout
       - run:
           name: "Building and packaging sudo"
-          command: ./scripts/mkpkg --flavor=ldap --enable-warnings --enable-werror
+          command: ./scripts/mkpkg --flavor=ldap --enable-warnings --enable-werror --enable-sanitizer
       # Save workspace for subsequent jobs (i.e. test)
       - persist_to_workspace:
           root: .
@@ -27,6 +27,9 @@ jobs:
       - run:
           name: "Running tests"
           command: make check
+          environment:
+              # Leak sanitizer requires ptrace, disable it
+              ASAN_OPTIONS: detect_leaks=0
 
 # Orchestrate our job run sequence
 workflows:

docker/README

@@ -27,3 +27,14 @@ Multi-arch containers are supported by creating a manifest, e.g.:
 
 Finally push the manifest to dockerhub:
     podman push sudoproject/debian:latest
+
+Note that memory sanitizer uses ptrace which is not allowed for
+non-root containers by default.  This will cause a failure when
+running the tests if sudo is configured with --enable-sanitizer.
+The simplest solution is to run the container with the SYS_PTRACE
+capability.  E.g.
+    podman run -it --cap-add SYS_PTRACE ...
+
+Alternately, disable leak sanitizer by setting
+    ASAN_OPTIONS=detect_leaks=0
+in the environment of the container doing "make check".

docker/fedora/latest/Dockerfile

@@ -2,7 +2,7 @@ FROM docker.io/library/fedora:latest
 ENV TZ=America/Denver
 
 RUN dnf -y install audit-libs-devel cyrus-sasl-devel glibc-devel \
-    libselinux-devel libsepol-devel openldap-devel openssl-devel pam-devel \
-    python3-devel rpm-build zlib-devel binutils ed gcc gdb git openssh \
-    procps which
+    libasan libubsan libselinux-devel libsepol-devel openldap-devel \
+    openssl-devel pam-devel python3-devel rpm-build zlib-devel binutils \
+    ed gcc gdb git openssh procps which
 RUN useradd -ms /bin/bash build

docker/fedora/rawhide/Dockerfile

@@ -2,7 +2,7 @@ FROM docker.io/library/fedora:rawhide
 ENV TZ=America/Denver
 
 RUN dnf -y install audit-libs-devel cyrus-sasl-devel glibc-devel \
-    libselinux-devel libsepol-devel openldap-devel openssl-devel pam-devel \
-    python3-devel rpm-build zlib-devel binutils ed gcc gdb git openssh \
-    procps which
+    libasan libubsan libselinux-devel libsepol-devel openldap-devel \
+    openssl-devel pam-devel python3-devel rpm-build zlib-devel binutils \
+    ed gcc gdb git openssh procps which
 RUN useradd -ms /bin/bash build