Container Registry fails on push because of a permission problem
GitLab Omnibus CE version 14.1.3
Description
I have our various storage paths configured to live under /mnt/git-data, which looks like this:
total 1339
drwx------ 9 git git 10 May 4 13:03 .
drwxr-xr-x 3 root root 4096 Jun 2 17:34 ..
drwx------ 2 git git 195 Aug 26 08:01 backups
drwx------ 74 git git 74 Jul 31 19:21 builds
drwx------ 251 git git 251 Apr 28 2020 lfs-objects
drwxrwx--- 3 registry git 3 Jun 2 17:54 registry
drwxrws--- 38 git git 39 Aug 26 08:16 repositories
drwxr-x--x 11 git gitlab-www 11 Jan 28 2021 shared
drwx------ 22 git git 22 Jul 16 2020 uploads
These are the permissions after running gitlab-ctl reconfigure. When I try to push a container to the registry it fails, and one of the errors from the log is:
2021-08-26_15:16:16.28525 time="2021-08-26T08:16:16-07:00" level=error msg="unknown error" auth_user_name=james code=UNKNOWN correlation_id=01FE1GGYRRE6ET4JW4E45Z4QWG detail="filesystem: mkdir /mnt/git-data/registry: permission denied" error="unknown: unknown error" go_version=go1.16.4 migrating_repository=false root_repo=web use_database=false vars_name=web/xxx write_fs_metadata=true
The registry is attempting to create a folder but can't due to the permissions. This folder already exists with the correct permissions but the parent folder doesn't allow registry to make new folders at that level.
Possible Solutions
- modify the registry to check for the existence of the registry folder before attempting to create it
- add the registry user to the git group and add the group-write permission to the top-level folder. This seems like a poor security tradeoff given how simple 1 should be
Workarounds
Setting the top-level folder to 0777 lets the registry work properly but is obviously bad for security and it gets reverted on every update.
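Added example, not part of the original report and not GitLab's code: it applies the POSIX owner/group/other rule to the directories in the listing above and reports which one denies the registry user. Assumptions: the numeric ids are constructed, / is 0755 root, registry is not in the git group unless stated, and ACLs and capabilities are ignored.

```python
from dataclasses import dataclass

@dataclass
class Dir:
    path: str
    mode: int  # permission bits as shown by ls, e.g. 0o700 for drwx------
    uid: int
    gid: int

def granted(d, uid, gids):
    """Return the rwx bits POSIX applies: owner, else group, else other.
    Only one class is consulted; there is no fall-through to a later class."""
    if d.uid == uid:
        return (d.mode >> 6) & 7
    if d.gid in gids:
        return (d.mode >> 3) & 7
    return d.mode & 7

def first_blocker(chain, uid, gids):
    """chain runs from / to the target directory.
    Every ancestor needs x (search); the target itself needs rwx."""
    for d in chain[:-1]:
        if not granted(d, uid, gids) & 1:
            return (d.path, "search")
    leaf = chain[-1]
    if granted(leaf, uid, gids) != 7:
        return (leaf.path, "rwx")
    return None

GIT, REGISTRY = 998, 997  # constructed numeric ids, used as both uid and gid

def page_chain(git_data_mode):
    """Path components for /mnt/git-data/registry with a chosen top-level mode."""
    return [
        Dir("/", 0o755, 0, 0),                        # assumed
        Dir("/mnt", 0o755, 0, 0),                     # the ".." entry in the listing
        Dir("/mnt/git-data", git_data_mode, GIT, GIT),
        Dir("/mnt/git-data/registry", 0o770, REGISTRY, GIT),
    ]

if __name__ == "__main__":
    cases = [("as reported (0700)", 0o700, {REGISTRY}),
             ("0777 workaround", 0o777, {REGISTRY}),
             ("registry in git group, 0770", 0o770, {REGISTRY, GIT}),
             ("search-only for others (0711)", 0o711, {REGISTRY})]
    for label, mode, gids in cases:
        print(f"{label}: {first_blocker(page_chain(mode), REGISTRY, gids)}")
```

On a live host, `namei -l /mnt/git-data/registry` prints the same per-component modes and owners to feed into this check.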