I found this weird machine online, looks like they're using docker for security but I'm not sure their OPSEC is as good as they think!
The docker socket is mounted inside the docker container. This allows us to run regular docker commands to communicate with the docker daemon, for instance mounting the host disk, and chroot-ing to it.
We find the flag.txt here:
Obtaining our flag: