This container has the Docker CLI tools installed in it, and can perform Docker operations (such as starting/stopping containers) through the host's Docker daemon. Access to the host's Docker daemon is provided by mounting its socket with --volume /var/run/docker.sock:/var/run/docker.sock (which is automatically done by jetson-containers/run.sh). The container then shares all the same container images and instances that are available on the host.
This is not technically Docker-in-Docker, as the container is not running its own Docker daemon (but rather sharing the host's). For more info, see Jérôme Petazzoni's excellent blog post on the subject, which outlines the pros and cons and common pitfalls of these approaches. In particular, mounting the Docker socket as mentioned above alleviates many of these issues and does not require the --privileged flag.
This approach works with --runtime nvidia and access to the GPU. Note that if you're starting a container within this container and trying to mount volumes, the paths are referenced from the host (see https://stackoverflow.com/a/31381323).
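
Because volume paths are resolved by the host's daemon, a path seen inside this container has to be translated to its host location before it is passed to --volume. The following is an added example, not code from jetson-containers: the function names, the sample mount list and the container ID argument are assumptions, and it expects the mount list in the `source:destination` form produced by `docker inspect`.

```bash
#!/usr/bin/env bash
# Added example: map a path inside this container to the path the host's
# Docker daemon sees. Function names and sample data are hypothetical.

# Constructed sample of "host_source:container_destination" lines.
SAMPLE_MOUNTS='/home/user/data:/data
/var/run/docker.sock:/var/run/docker.sock
/home/user/data/cache:/data/cache'

# host_mounts CONTAINER: print this container's mounts, one per line.
# CONTAINER is the ID or name of the container this script runs in
# (assumption: supplied by the caller, since the hostname is not the
# container ID when the container uses host networking).
host_mounts() {
    docker inspect --format \
        '{{range .Mounts}}{{.Source}}:{{.Destination}}{{"\n"}}{{end}}' "$1"
}

# to_host_path MOUNTS PATH: print the host path for PATH, using the
# longest matching mount destination. Returns 1 when PATH is not under
# any mount, i.e. the host daemon cannot see it at all.
# Limitation: paths containing ':' are not handled.
to_host_path() {
    local mounts="$1" path="$2" src dst best_src="" best_dst=""
    while IFS=: read -r src dst; do
        [ -n "$dst" ] || continue
        case "$path" in
            "$dst"|"${dst%/}"/*)
                # Prefer the most specific (longest) destination.
                if [ "${#dst}" -gt "${#best_dst}" ]; then
                    best_src="$src"; best_dst="$dst"
                fi ;;
        esac
    done <<EOF
$mounts
EOF
    [ -n "$best_dst" ] || return 1
    printf '%s%s\n' "${best_src%/}" "${path#"${best_dst%/}"}"
}

# Typical use from inside the container:
#   src=$(to_host_path "$(host_mounts "$CONTAINER")" /data/models) &&
#       docker run --volume "$src":/models ...
```

A non-zero return means the path exists only in this container's own filesystem, so a nested container cannot mount it; the host daemon would otherwise bind-mount whatever host directory happens to have that name.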