diff --git a/.circleci/config.yml b/.circleci/config.yml
index ccd52de43..02698110c 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -10,7 +10,7 @@ jobs:
 - checkout
 - run:
 name: "Building and packaging sudo"
- command: ./scripts/mkpkg --flavor=ldap --enable-warnings --enable-werror
+ command: ./scripts/mkpkg --flavor=ldap --enable-warnings --enable-werror --enable-sanitizer
 # Save workspace for subsequent jobs (i.e. test)
 - persist_to_workspace:
 root: .
@@ -27,6 +27,9 @@ jobs:
 - run:
 name: "Running tests"
 command: make check
+ environment:
+ # Leak sanitizer requires ptrace, disable it
+ ASAN_OPTIONS: detect_leaks=0
 # Orchestrate our job run sequence
 workflows:
diff --git a/docker/README b/docker/README
index d51360928..85d34afda 100644
--- a/docker/README
+++ b/docker/README
@@ -27,3 +27,14 @@ Multi-arch containers are supported by creating a manifest, e.g.:
 Finally push the manifest to dockerhub:
 podman push sudoproject/debian:latest
+
+Note that memory sanitizer uses ptrace which is not allowed for
+non-root containers by default. This will cause a failure when
+running the tests if sudo is configured with --enable-sanitizer.
+The simplest solution is to run the container with the SYS_PTRACE
+capability. E.g.
+ podman run -it --cap-add SYS_PTRACE ...
+
+Alternately, disable leak sanitizer by setting
+ ASAN_OPTIONS=detect_leaks=0
+in the environment of the container doing "make check".
diff --git a/docker/fedora/latest/Dockerfile b/docker/fedora/latest/Dockerfile
index de04d96c4..6db57bdb4 100644
--- a/docker/fedora/latest/Dockerfile
+++ b/docker/fedora/latest/Dockerfile
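Review bot: Nothing in the "Building and packaging sudo" step of `.circleci/config.yml` (hunk at -10,7) marks the sanitizer-instrumented package as test-only, and the step goes on to persist it to the workspace for later jobs. Sanitizer runtimes take their configuration from environment variables and are not meant for setuid programs outside a test environment, so a package built this way should never be installed or published beyond CI. I would add a comment above the command, `# Sanitizer build: CI testing only, never publish or install these packages`. If a release job ever consumes this workspace (none is visible here), it should get its own build without `--enable-sanitizer`.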
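Review bot: The new `environment` block in the "Running tests" step of `.circleci/config.yml` (hunk at -27,6) configures only ASan, so whether an undefined-behaviour report fails the job depends on how `--enable-sanitizer` builds the binaries, since UBSan's default is to print the report and continue. Unless the build already uses `-fno-sanitize-recover`, add `UBSAN_OPTIONS: halt_on_error=1` next to `ASAN_OPTIONS` so that `make check` exits non-zero on a finding. Turning off leak detection avoids granting the container SYS_PTRACE, which is the lower-privilege choice, but leaks are then no longer caught in CI; the comment could say so, e.g. `# LeakSanitizer needs ptrace, which the CI container lacks; leaks are not checked here`.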
@@ -2,7 +2,7 @@ FROM docker.io/library/fedora:latest
 ENV TZ=America/Denver
 RUN dnf -y install audit-libs-devel cyrus-sasl-devel glibc-devel \
- libselinux-devel libsepol-devel openldap-devel openssl-devel pam-devel \
- python3-devel rpm-build zlib-devel binutils ed gcc gdb git openssh \
- procps which
+ libasan libubsan libselinux-devel libsepol-devel openldap-devel \
+ openssl-devel pam-devel python3-devel rpm-build zlib-devel binutils \
+ ed gcc gdb git openssh procps which
 RUN useradd -ms /bin/bash build
diff --git a/docker/fedora/rawhide/Dockerfile b/docker/fedora/rawhide/Dockerfile
index d34a5ec0f..9390a4d62 100644
--- a/docker/fedora/rawhide/Dockerfile
+++ b/docker/fedora/rawhide/Dockerfile
@@ -2,7 +2,7 @@ FROM docker.io/library/fedora:rawhide
 ENV TZ=America/Denver
 RUN dnf -y install audit-libs-devel cyrus-sasl-devel glibc-devel \
- libselinux-devel libsepol-devel openldap-devel openssl-devel pam-devel \
- python3-devel rpm-build zlib-devel binutils ed gcc gdb git openssh \
- procps which
+ libasan libubsan libselinux-devel libsepol-devel openldap-devel \
+ openssl-devel pam-devel python3-devel rpm-build zlib-devel binutils \
+ ed gcc gdb git openssh procps which
 RUN useradd -ms /bin/bash build
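Review bot: In `docker/fedora/latest/Dockerfile` the new `libasan libubsan` pair is placed ahead of `libselinux-devel`, which breaks the alphabetical order the library part of the `dnf -y install` list otherwise keeps; the `docker/fedora/rawhide/Dockerfile` hunk has the same ordering. Keeping the list sorted makes later additions and removals easier to audit in a diff. I would write the first continuation line as `libasan libselinux-devel libsepol-devel libubsan openldap-devel \` in both files.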