What does escalating privileges in Docker allow a container to do?

Escalating privileges in Docker primarily allows a container to access the Docker daemon directly. This is significant because the Docker daemon is responsible for managing Docker containers, images, networks, and volumes on the host machine. By gaining access to the Docker daemon, a container can potentially gain control over the host system, manipulate other containers, create or destroy resources, and execute commands with the host’s privileges.

This capability poses a security risk, as it allows an attacker who compromises a container to affect the entire host system, not just the container itself. It's crucial for Docker best practices to limit the privileges assigned to containers and to isolate them adequately from the host to minimize the risk of privilege escalation.

The other options do not accurately describe the consequence of privilege escalation. Isolation from the host is generally a goal of using Docker, not a result of escalating privileges. Similarly, running without a filesystem and using cached layers in builds do not relate to privilege escalation but rather to container functionality and performance optimization.