Currently I'm using WineHQ according to this super secure installation guide:

Please notice the following about this method:

1) WineHQ binaries ownership & permissions all are changed so that WineHQ are owned by a special user account (WineHQ are isolated totally in special new user account)

2) the special new user account is completely rootless (have no su nor sudo nor PolcyKit power).

My question case is: I like to add additional layer of security by using Firejail. Firejail certainly can never ever be installed from Wine special account because it need sudo to be installed. So, I'm only able to install Firejail from within my 1st user account which I created during fresh installation & have all root powers including su.

But to make Firejail's profile of WineHQ I need the following command:

sudo firecfg --clean && sudo ln -s /usr/bin/firejail /usr/local/bin/wine

the above command is to make WineHQ only sanbox WineHQ not other application.

So, does the above command (or "sudo firecfg" which make WineHQ sandbox all supported application not only Wine) will take effect on WineHQ ? When I run "sudo dnf remove wine" or sudo dnf upgrade wine" from my 1st user account they working. But the Firejail commands that I asking about them deal with sandbox for a package binaries owned by only special user account & not by all accounts on system (Windows application inside my 1st user account can not make use of Wine to run at all).

Frankly specking I did not installed Firejail till now because I'm not sure about the answer of this question & due to the fact that Firejail should installed by downloading external package (not available in repositories I'm hesitated to install it before being sure about answer of this question.