investigating further, i just stumbled upon AppArmor. quote from it's description at the Wiki:
"AppArmor security policies completely define what system resources individual applications can access, and with what privileges."
sounds like it's just what i need, but... i need it to enforce a "allow" policy for a specific Wine application, not the Wine launcher itself; while enforce a "deny" policy for anything else, including the user; and the system resource in question is on network, not local.
AppArmor users/gurus, are you there? can AppArmor do it?